OpenClaw TODO

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local TODO manager, but it defaults to also keeping a local memory history of task changes.

Install only if you are comfortable with TODO items and task-change history being stored in both the TODO file and the local brain-memory JSONL file. Set brainLog:false before use for sensitive personal, business, customer, credential, or incident-response tasks, and delete the configured brain-memory file if you need to remove previously logged task text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The plugin's stated purpose is managing a markdown TODO.md file, but it also writes TODO contents into a separate semantic memory store by default. TODO text often contains sensitive personal or work information, so this undisclosed secondary persistence expands data exposure, retention, and discoverability beyond what users would reasonably expect from a simple TODO plugin.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The semantic memory feature is outside the justified scope of a markdown TODO plugin and stores user task content in a second datastore without a necessity demonstrated by the advertised functionality. Because semantic/memory stores are designed for later retrieval and correlation, this can amplify privacy risk by making sensitive tasks easier to search, embed, and reuse in other contexts.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The command handlers automatically log added, edited, completed, and removed TODO text to brain memory by default, causing routine user interactions to be copied into a separate persistent store. This is dangerous because every task update may leak sensitive intent, schedules, credentials, project names, or personal notes into a broader memory system not implied by the plugin's TODO.md management role.

Missing User Warnings

Medium
Confidence: 90%
Finding
The manifest explicitly states that the plugin modifies a TODO.md file and may also append notes to a brain-memory log, but it does not provide any user-facing warning or consent-oriented language about these writes. This can lead to unexpected data modification or leakage into memory logs, especially because the configured paths point to persistent workspace files and the brain log is enabled by default.

VirusTotal

No VirusTotal findings
