ClawHub

Remember The Milk

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: manage Remember The Milk tasks, with sensitive account access and delete capability disclosed.

Install this only if you want an agent to manage your Remember The Milk account. Keep RTM_API_KEY and RTM_SHARED_SECRET in skill configuration, protect or remove ~/.rtm_token when not needed, and review delete or note-deletion actions before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly requires environment variables, reads and writes a persistent token file, and makes outbound network requests, yet no explicit permissions are declared. That mismatch weakens security review and enforcement because the platform cannot accurately constrain or inform users about the skill's actual capabilities. In this context, the undeclared access is especially relevant because the token grants ongoing account access and the skill performs destructive actions like delete.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- **Env vars:** `RTM_API_KEY` and `RTM_SHARED_SECRET` are required at runtime. Configure via OpenClaw skill env, not hardcoded.
- **Auth token:** Stored as plain text at `~/.rtm_token` after interactive auth. This file grants full access to the linked RTM account. Protect it accordingly — restrict file permissions (`chmod 600`) or remove after use if not needed persistently.
- **Network:** All API calls go to `api.rememberthemilk.com` and `www.rememberthemilk.com` only. No other outbound connections.
- **Permissions:** The auth flow requests `delete` permission (RTM's highest tier) to support task deletion. Use a dedicated API key with minimum needed scope if preferred.

## Commands
Confidence
89% confidence
Finding
Permissions:*

Excessive Permissions

Low
Category
Privilege Escalation
Content
- **Env vars:** `RTM_API_KEY` and `RTM_SHARED_SECRET` are required at runtime. Configure via OpenClaw skill env, not hardcoded.
- **Auth token:** Stored as plain text at `~/.rtm_token` after interactive auth. This file grants full access to the linked RTM account. Protect it accordingly — restrict file permissions (`chmod 600`) or remove after use if not needed persistently.
- **Network:** All API calls go to `api.rememberthemilk.com` and `www.rememberthemilk.com` only. No other outbound connections.
- **Permissions:** The auth flow requests `delete` permission (RTM's highest tier) to support task deletion. Use a dedicated API key with minimum needed scope if preferred.

## Commands
Confidence
86% confidence
Finding
Permissions:*

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal