Skill v1.0.1
ClawScan security
TODO Web App · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 16, 2026, 9:52 PM)
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (a local Node.js TODO web UI that reads/writes TODO.md and can be autostarted via launchd). It requires no external credentials or downloads, but it does run persistently on your machine and serves an unauthenticated HTTP endpoint on your LAN, so install with that exposure in mind.
- Guidance: This skill appears to do exactly what it says: run a local Node.js server that reads/writes TODO.md and archives completed items. Before installing:
  1. Inspect server.js yourself; it modifies TODO.md and appends to TODO-done.md.
  2. Place the script where you intend it to live and confirm that TODO.md is the correct file (the server uses the parent directory of server.js).
  3. Be aware it serves plain HTTP on your LAN without authentication: anyone on your local network who can reach your host on port 3456 can view and toggle tasks. Don't install it on a machine with sensitive TODO.md contents or on an untrusted network.
  4. When following the launchd steps, open the plist file and verify the node and server.js paths and the run arguments before running launchctl load; if you prefer not to auto-start, skip the launchd step.
  5. Consider firewall rules or binding the server to localhost if you want to restrict access.
  For additional assurance, run the server under a restricted account or in a container, or set file permissions so that only the intended user can edit TODO.md.
Review Dimensions
- Purpose & Capability (ok): The name/description (local TODO web app) aligns with the provided server.js and SKILL.md. The script reads/writes TODO.md and TODO-done.md, serves the UI over HTTP on port 3456, and includes the archive/toggle behavior described in the README. The launchd autostart instruction matches the claimed auto-start behavior.
- Instruction Scope (note): Instructions are scoped to installing the script, adding an optional bg.jpg, and registering a macOS launchd agent. They direct reading/writing of TODO.md and TODO-done.md (explicitly one directory up from server.js). Note: the instructions modify user launch agents (persistent startup) and assume macOS; there is no guidance for other OSes. The app exposes an unauthenticated HTTP endpoint on the LAN and will accept toggle/archive actions from any LAN client; this is expected but a material security consideration.
- Install Mechanism (ok): No install spec or external downloads are present; the skill is instruction-only plus a bundled server.js file. Nothing is pulled from remote URLs or extracted to disk by an installer. The only persistent installation step is the user copying a plist into ~/Library/LaunchAgents and loading it.
- Credentials (ok): No environment variables, credentials, or external service tokens are requested. The script works with local filesystem files only (TODO.md, TODO-done.md, optional bg.jpg). Those file accesses are consistent with the described functionality.
- Persistence & Privilege (note): The skill does not set always:true and requires manual user action to install. However, the provided instructions ask the user to create/load a launchd agent, which grants persistent autostart on macOS. This persistence is proportional to the stated goal (auto-start), but users should review the plist and confirm paths/permissions before loading.
