Skill v1.0.6

ClawScan security

Todo List for MacOS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 1:42 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (managing macOS Reminders via AppleScript); nothing in the provided files indicates unrelated data access or exfiltration, but the script content was truncated in the listing so I cannot fully verify the very end of the file.
Guidance
This skill appears coherent and implements exactly what it claims: controlling macOS Reminders via AppleScript. Before installing or running it: (1) inspect the full scripts/todo.sh file locally (the provided listing was truncated) to confirm there are no unexpected commands (e.g., do shell script, curl, or other network calls); (2) be prepared for macOS to prompt for permission to control Reminders — grant only if you trust the skill; (3) test on a throwaway list or with test reminders (avoid running delete on critical items) since deletions are irreversible and changes sync to iCloud; (4) if you need higher assurance, run a quick grep over the script for suspicious patterns (network or shell execution) and review the final truncated lines before granting trust.

Review Dimensions

Purpose & Capability
ok: The name/description say macOS Reminders via AppleScript and the included scripts/todo.sh implements that using osascript and Reminders APIs. No unrelated binaries, environment variables, or external services are requested.
Instruction Scope
ok: SKILL.md instructs the agent to run the bundled scripts/todo.sh for actions (add, list, complete, delete, search, lists, create-list, today). The AppleScript blocks operate on Reminders objects and do not reference files, arbitrary shell execution, or external endpoints in the visible portion. Note: the provided file listing is truncated near the end, so the last lines could not be inspected.
Install Mechanism
ok: There is no install spec; this is instruction-only with a bundled script. Nothing is downloaded or extracted from external URLs in the metadata or SKILL.md.
Credentials
ok: No environment variables, credentials, or config paths are requested. The script will require macOS's Reminders automation permission (user-granted), which is expected for this purpose. No unrelated secrets are requested.
Persistence & Privilege
ok: The skill is not always-enabled and doesn't declare elevated platform privileges. It modifies only Reminders data (create/complete/delete) which is consistent with its purpose and will sync via iCloud per macOS behavior. Autonomous invocation is allowed by default but is not exceptional here.