Opentask Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenTask client, but it can let a configured remote task queue influence agent work and mutate task state without enough scoping or approval guidance.

Install only for an OpenTask server you operate or fully trust. Use a scoped API key, verify OPENTASK_HOST, prefer HTTPS, avoid putting secrets or sensitive personal data in task fields or logs, and do not add HEARTBEAT auto-processing unless you want queued OpenTask items to direct agent work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases include broad terms like “查询任务”, “获取任务”, “创建任务”, and “完成任务”, which are common in ordinary conversation and can cause unintended invocation of a skill that performs real task-management operations. In this context, accidental activation could lead to task queries or state changes against the OpenTask service, so the issue is real but lower severity than direct code execution or secret exfiltration.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation instructs users to configure an API key and host and then make authenticated network requests, but it does not clearly warn that task contents, identifiers, and operational metadata will be transmitted to an external service. In a task-management skill, that omission matters because users may unknowingly expose sensitive operational details or credentials to a remote endpoint.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal