ClawHub

clawdo - Todo List for Agents

Security checks across malware telemetry and agentic risk

Overview

clawdo is a task queue for agents; its automation examples need sensible limits, but the reviewed skill package is coherent and shows no hidden or malicious behavior.

Install only if you are comfortable with a global npm CLI maintaining a persistent task queue. Keep unattended heartbeat or cron use limited to clearly scoped, pre-approved, low-risk work, and require human review before tasks that affect accounts, money, public content, production systems, credentials, or private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill advertises use in broad contexts such as heartbeat loops, cron jobs, conversations, and sub-agents without clearly constraining when it should be invoked or what classes of tasks are safe to execute. In an agentic environment, this can cause over-triggering and inappropriate task capture/execution from ordinary conversation text, increasing the chance of unintended actions affecting user workflows or system state.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples show agents selecting the next auto-approved task, starting it, and marking it done with no warning to validate scope, side effects, or whether the task may modify files, services, or user data. This normalizes autonomous execution patterns that could lead an integrating agent to perform impactful actions without sufficient verification, especially when task text is ambiguous or attacker-influenced.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal