Task Memory

Security checks across malware telemetry and agentic risk

Overview

This is a useful local task-memory skill, but it needs review because it stores durable task data, runs on broad automatic triggers, describes external QQ/IM reminders, uses an unexpected hard-coded write path, and ships with active finance-related task records.

Review before installing. Clear the bundled todo.json, change the hard-coded TODO_FILE path to a user-owned skill directory, and only enable heartbeat/session checks or QQ/IM reminders after explicitly deciding what data may be stored or sent. Avoid putting sensitive personal, business, or financial details in task titles or notes until those controls are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding
The trigger conditions include broad routine events such as session start, heartbeat checks, and whenever a task is discussed or status changes. Over-broad activation increases the chance the skill runs unexpectedly, causing unintended persistence, task creation, or reminder behavior without a clear user request. Given this skill’s stateful behavior, accidental invocation is more dangerous than in a read-only helper skill.

Missing User Warnings

Medium (95% confidence)
Finding
The skill requires persistent storage of task records and also describes deletion, purging, and pushing overdue reminders to QQ/IM, but it does not provide clear warnings about what data may be stored or sent externally. This creates privacy and data-handling risks: sensitive task titles, notes, or schedules could be retained or transmitted without user awareness or consent. The context makes this more serious because the skill is explicitly designed for continuous tracking across sessions.

VirusTotal

66/66 vendors flagged this skill as clean.
