ClawHub

Telegram Todo List

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrowly scoped TODO.md manager with some task-number bugs but no evidence of hidden access, credential use, exfiltration, or behavior beyond managing the todo file.

Install only if you are comfortable letting the skill read and rewrite /root/.openclaw/workspace/TODO.md and display todo contents through the Telegram workflow. Keep backups of important todo content because complete/delete-by-number behavior appears unreliable, and treat TODO.md as data rather than trusted instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The delete_task function does not delete tasks by their displayed ordinal as documented. Instead, it only considers lines starting with '- [x]' due to the combined startswith checks, then attempts to parse a numeric index from a fixed character position that actually contains '[' rather than a task number. In a task-management skill, this can cause deletion requests to fail unpredictably or target the wrong content if the code is later modified around the same flawed assumptions, leading to integrity loss in the user's TODO file.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The find_task_by_number function claims to locate tasks by task number, but it compares the requested number to raw file line indices (i + 1) rather than the displayed task ordering produced by parse_tasks. This mismatch can cause the wrong task to be marked complete or prevent legitimate updates, which is a data integrity issue because user actions may modify unintended entries in TODO.md.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal