Back to skill

Security audit

Openclaw with Remember The Milk

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Remember The Milk task manager, with account access and local credential storage that fit its stated purpose.

Install only if you are comfortable giving this skill delete-level access to your Remember The Milk account. Keep ~/.rtm-credentials.json, ~/.rtm-token.json, and any .env file private, avoid syncing or committing them, and double-check task IDs before using edit, complete, or delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation instructs users to install and use a CLI that handles API credentials and communicates with the Remember The Milk service, implying environment/secret handling and network access, yet no permissions are declared. This creates a trust and review gap: users and platforms are not clearly informed that the skill can access local secrets and make outbound requests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes a destructive `rtm delete <task_id>` command with no warning about permanence, no confirmation step, and no guidance for safe use. In an agent or shell-driven context, this increases the chance of accidental or automated deletion of user data, especially if task IDs are selected incorrectly.

Session Persistence

Medium
Category
Rogue Agent
Content
### Method B: Using a `.env` file

Create a file named `.env` in this skill's folder (you can use `.env.example` as a template) and add your keys:

```env
RTM_API_KEY="your-api-key"
Confidence
94% confidence
Finding
Create a file named `.env` in this skill's folder (you can use `.env.example` as a template) and add your keys: ```env RTM_API_KEY="your-api-key" RTM_SHARED_SECRET="your-shared-secret" ``` > **IMPOR

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.