Back to skill

Security audit

TODO Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local TODO-list helper whose persistence and file edits are disclosed and fit its purpose, with some usability and robustness cautions.

Install only if you are comfortable with the agent maintaining a persistent TODO.md file in the workspace. Use explicit TODO commands for add, done, and remove actions, review the file before deleting entries, and avoid complex regex-like text in mark-done or remove patterns unless the script is hardened to match plain text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README advertises very broad natural-language triggers such as 'Just talk naturally' and generic phrases like 'What's on the TODO?' or 'Mark X done', which can cause the skill to activate in contexts the user did not clearly intend. Because this skill performs persistent state changes across sessions, over-broad invocation increases the risk of accidental task creation, modification, or disclosure when similar phrases appear in unrelated conversation or quoted text.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The README describes adding, moving, and deleting TODO items and maintaining a persistent TODO.md file, but it does not explicitly warn users that the skill writes to disk and can remove entries. In a persistent skill, lack of disclosure can lead to unintended data changes or loss, especially when combined with conversational triggering or heartbeat-driven use.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Automatic activation on heartbeat is insufficiently constrained and can cause the skill to read and summarize persistent workspace data without a fresh user request. This increases the chance of unnecessary data exposure in routine responses and can surface stale or sensitive task content unexpectedly.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Automatic activation on heartbeat is insufficiently constrained and can cause the skill to read and summarize persistent workspace data without a fresh user request. This increases the chance of unnecessary data exposure in routine responses and can surface stale or sensitive task content unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to maintain a persistent TODO.md file but does not clearly warn users that their requests may be stored and modified in the workspace across sessions. This can lead to unintentional persistence of sensitive information and surprises about data retention or file changes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.