ClawHub

TODO Tracker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local TODO helper with expected persistent file edits, not a deceptive or high-impact skill.

Install only if you are comfortable with the agent maintaining a persistent local TODO.md file. Use explicit commands for add, done, and remove actions, and review TODO.md before deleting entries. Avoid passing complex regex-like text to mark-done or remove commands unless the script is hardened to treat input as plain text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README tells users to 'Just talk naturally to your agent,' which is an overly broad activation description for a skill that performs persistent state changes. In agent systems, vague trigger guidance can cause unintended activation on ordinary conversation, leading to unauthorized or accidental modification of TODO data across sessions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises 'Remove X from TODO' but does not warn that this permanently deletes data from the persistent TODO file. In a persistent cross-session scratch pad, omission of deletion warnings increases the chance of accidental destructive actions and user surprise, especially when paired with natural-language triggering.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrase "asks about pending tasks" is broad enough to match ordinary conversation that is not clearly a request to access or modify the persistent TODO store. In a skill that maintains workspace state and can surface prior tasks during heartbeat, accidental invocation could expose or act on persisted task data when the user did not explicitly intend to use this skill.

Vague Triggers

High
Confidence
96% confidence
Finding
The phrase "remember to X" is highly generic and likely to occur in normal conversation, making unintended skill activation very likely. Because this skill writes persistent entries to TODO.md, misfires can silently store user statements or contextual text as tasks, creating integrity and privacy risks and polluting long-lived workspace state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal