Proactive-Do

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being a recurring proactive todo assistant, but it needs review because it can repeatedly act on todo items and send todo details by email without tight per-action limits.

Install only if you intentionally want recurring proactive execution from todo/todo.md. Before enabling cron or email, define what actions are allowed automatically, require explicit approval for high-impact tasks, verify the gog sender and recipient, avoid putting secrets in todos, and keep todo/ and agent_work/ out of shared repos or backups unless intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill tells the agent to halt for actions requiring explicit approval or external messaging, but elsewhere it also instructs automatic heartbeat emails via the gog CLI. That contradiction can cause an agent to send external communications without fresh user consent, especially on recurring cron-driven runs, creating unauthorized disclosure and impersonation risk.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger set includes broad phrases like heartbeat prompts, review todos, pick top 3, and generic state labels, which can cause the skill to activate in ordinary workspace events or unrelated conversations. Because this skill can modify files, create journals, search online, and send notifications, accidental activation materially increases the chance of unintended actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to send email reports containing task information but does not clearly warn that todo contents and progress details will leave the local environment. Users may reasonably expect todo data to remain local, so this creates a covert exfiltration path for sensitive project, personal, or operational information.

Ssd 3

Medium
Confidence: 98%
Finding
The start email explicitly requires inclusion of the full text of the 3 selected todos, which may contain secrets, internal plans, credentials, personal data, or confidential business context. Copying full todo text into external email creates a direct and predictable data leakage channel, amplified by recurring automated execution.

VirusTotal

63/63 vendors flagged this skill as clean.
