Skill v1.4.1
ClawScan security
Text Based - Todo List Agent Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 6:21 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to implement an on-disk todo manager consistent with its description: it only reads/writes local files in its package and does not request credentials or network access.
- Guidance: This skill appears self-contained and only reads/writes files bundled with the package (no network calls or credentials). Before installing: (1) review the index.js file yourself (it is short) if you have concerns, (2) confirm where the runtime will write task_state.json (the code builds a path that should resolve to the skill directory but you may want to test in a sandbox), and (3) ensure the skill runs with minimal filesystem permissions (it only needs to read/write its own directory). If you need stricter isolation, run it in a confined environment or inspect/modify the SKILL_DIR path to an explicit expected folder.
Review Dimensions
- Purpose & Capability (ok): Name/description (todo list manager) matches the included files and code: index.js implements add/edit/done/show/REVIEW behavior, and the persisted state, rules, and display config are bundled with the package.
- Instruction Scope (note): Runtime instructions and code operate only on local files (task_state.json, display_config.json, todo-rules-v3.2.md). There is no network I/O, no environment variable access, and no steps that ask the agent to read unrelated system files. Minor note: parsing and text-handling logic has quirks (e.g., parseArgs may include structured tokens in the text buffer) that affect behavior but not security.
- Install Mechanism (ok): No install spec (instruction-only in metadata), and the package contains only small local files (JS + JSON + docs). Nothing is downloaded from external URLs or installed globally.
- Credentials (ok): The skill declares no required environment variables and no credentials, and the code does not access process.env or other secrets. The requested scope is minimal and appropriate for a local todo manager.
- Persistence & Privilege (note): The skill persists state to disk (task_state.json). This is expected for a todo manager. The code builds SKILL_DIR using path.join(__dirname, '..', 'claw-todolist') which, while likely resolving to the skill folder in normal deployments, is an odd construction; verify that state files will be created where you expect and that file permissions are acceptable.
