Todoist Task Visibility Management

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Todoist helper, but it gives an agent broad authenticated ability to change Todoist data with limited scoping and confirmation guidance.

Install only if you are comfortable giving the agent a Todoist API token that can read and modify your Todoist account. Prefer adding confirmation before writes, limiting or removing the generic API wrapper, and storing the token in a protected secret store or private shell config rather than shared logs, screenshots, or repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill documents shell-script execution and external API access, but no explicit permissions declaration is present. That mismatch can cause users or hosting systems to underestimate the skill's capabilities, increasing the risk of unintended command execution or remote state changes in the user's Todoist account.

Vague Triggers

Medium
Confidence: 88%
Finding: The trigger description is broad enough to activate on ordinary task-management conversations, which can cause the agent to invoke this skill unexpectedly. Because the skill performs write operations against Todoist, over-triggering raises the chance of unintended task creation, status changes, or comments being posted to a live account.

Missing User Warnings

Medium
Confidence: 95%
Finding: The documentation describes creating tasks, updating status, and adding comments without clearly warning that these actions write data to the user's remote Todoist account. Users may believe the skill is only organizing local workflow state, when in fact it can permanently modify cloud-backed task data.

Missing User Warnings

Medium
Confidence: 94%
Finding: The setup instructions tell users to place a Todoist API token in an environment variable but do not warn that it is a sensitive credential granting account access. Without handling guidance, users may expose the token through shell history, logs, screenshots, shared sessions, or insecure persistence mechanisms.

VirusTotal

64/64 vendors flagged this skill as clean.
