v1.1.4

clawdo - Todo List for Agents

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:27 AM.

Analysis

clawdo is a coherent task-queue skill, but it relies on an external npm CLI and supports persistent agent tasks that may be processed automatically when users enable auto modes.

Guidance: Before installing, verify that the npm package is the intended clawdo project, keep auto and auto-notify for low-risk work, leave deployments or ambiguous changes as collab, and avoid storing secrets in task text.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
This minimal package (~7 KB) contains only documentation and license. The actual CLI tool is installed via `npm install -g clawdo`.

The reviewed skill package does not include the CLI implementation; using the skill requires trusting an external npm-distributed binary.

User impact: Installing the skill may involve running code from the npm package, not just the ClawHub documentation package.
Recommendation: Install only from the expected npm/GitHub project, consider pinning versions, and review the npm package provenance before using it in important environments.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
# In HEARTBEAT.md — runs every ~30 minutes
TASKS=$(clawdo inbox --format json)
...
clawdo start "$TASK" --json
# ... do the work ...
clawdo done "$TASK" --json

The documentation shows a scheduled heartbeat pattern where an agent can pick up and complete approved auto tasks outside an active conversation.

User impact: If auto tasks are enabled, an agent may act later during heartbeats or cron runs rather than waiting for a live user prompt.
Recommendation: Keep risky or ambiguous tasks at the collab level, confirm agent proposals deliberately, and monitor the audit trail for automatic task processing.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
`add → inbox → start → done`. Persistent state in SQLite.

The skill stores task descriptions and state persistently so future agent runs can retrieve and act on them.

User impact: Task text can persist across conversations or scheduled runs, so sensitive data or poorly worded instructions could be reused later.
Recommendation: Avoid putting secrets in task descriptions, periodically review stale/proposed tasks, and treat persistent task entries as instructions that may affect future agent behavior.