Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Todolist Md Clawdbot Copy
v1.0.0
Read, summarize, propose edits, and write back changes to Markdown todo files using line-stable bot markers without altering task identity or completing tasks.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence

Purpose & Capability
The skill's stated purpose (read/update Markdown todo files) matches the included scripts: they implement a Google Drive-backed workflow (list, download, update files, revision gating). However, the registry metadata declares no required env vars or config paths, which is incorrect: the scripts clearly require Drive auth (ACCESS_TOKEN, or CLIENT_ID/CLIENT_SECRET/REFRESH_TOKEN) and a gog CLI for folder listing. The absence of declared credential/config requirements is an incoherence between metadata and code.
Instruction Scope
SKILL.md stays mostly on-scope (detect changed files, extract open tasks, write bot-markers). But the runtime scripts go further: they read/write local secret files (default path /root/clawd/.secrets/todolist_drive_oauth.json and /root/clawd/.secrets/gog.env), run system commands via sudo to call a gog CLI, and expect env vars like CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN, ACCESS_TOKEN, GOG_ACCOUNT, GOG_KEYRING_PASSWORD. Those filesystem and sudo accesses are not documented in the registry requirements and expand the agent's runtime scope beyond what's advertised.
Install Mechanism
No install spec (instruction-only) — that's low risk from an installer perspective. There are no downloads from arbitrary URLs. However the included scripts will invoke local binaries (gog and sudo) and call external OAuth/Drive endpoints. The scripts rely on existing host tooling and will execute child processes (execFileSync / subprocess), which is expected for Drive integration but should be noted as an execution-time requirement.
Credentials
Registry lists no required environment variables or config paths, but the code expects and/or uses many secrets and paths: ACCESS_TOKEN, CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN, AUTH_CODE, REFRESH_TOKEN_FILE (default /root/clawd/.secrets/...), GOG_ACCOUNT, GOG_KEYRING_PASSWORD, GOG_BIN, and a gog.env file at /root/clawd/.secrets/gog.env. Asking for or writing persistent refresh tokens into /root is a privileged, persistent capability and is not proportionate to the registry's empty env declaration.
Persistence & Privilege
The skill does not set always:true (good), but it does persist long-lived credentials: managed-OAuth path writes a refresh_token JSON file by default to /root/clawd/.secrets/todolist_drive_oauth.json and reads a gog.env secret file from /root/clawd/.secrets. The code also invokes sudo -u ubuntu to run gog. These behaviors create persistent credentials on the host and require elevated/local access patterns that increase blast radius; they should be documented and restricted.
What to consider before installing
This skill contains functioning Drive integration code but the package metadata claims no required credentials or config paths — that mismatch is a red flag. Before installing or running:
1) Inspect and confirm you trust the code; it's safe-looking but will store OAuth refresh tokens and read secret env files by default under /root/clawd/.secrets.
2) Do not run it on a machine with sensitive root secrets; prefer an isolated container or VM.
3) Supply the minimal credential possible (a short-lived ACCESS_TOKEN) instead of giving CLIENT_ID/CLIENT_SECRET/REFRESH_TOKEN if you can.
4) If you must use managed OAuth, change the default refresh token path to a directory you control and ensure file permissions are restrictive.
5) Be aware the scripts call sudo and expect a gog CLI — verify the gog binary path and that using sudo -u ubuntu is acceptable in your environment.
6) Ask the skill author to update registry metadata to list required env vars/config paths and to document exactly where tokens are written and how to opt out of persistent storage.
If you cannot confirm these fixes, treat the skill as risky and run only in an isolated environment.

latest: vk97c0v3vrcqpbwnh7e6zsvjjan814h39
