Text Based - Todo List Agent Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local todo-list skill with disclosed local persistence and no evidence of network access, credential use, shell execution, or destructive behavior outside its todo state.

Install only if you are comfortable with tasks being saved locally in the skill folder. Avoid putting secrets in todo text, inspect or ignore the bundled import_tasks.txt examples, and use the short aliases deliberately because they can change the saved todo list.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 90% confidence
Finding: The documented security boundary says persistence is confined to the skill directory, but the finding indicates the implementation actually reads and writes via a sibling path ('../claw-todolist'). That breaks the stated trust model, can cause unintended cross-skill data access or overwrite behavior, and makes operator review of the skill misleading because the declared REVIEW capability and storage model do not match actual behavior.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: Single-letter aliases such as 'a', 'x', and 'e' create overly broad triggers that can be activated by normal conversation, causing unintended task additions, edits, or completion actions. In a conversational agent skill with persistence, accidental command invocation is more dangerous because it can silently mutate stored state and erode user trust.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal