Todolist Md Clawdbot
Security checks across malware telemetry and agentic risk
Overview
The skill matches its todo-file purpose, but it needs review because its helper scripts can use and persist broad Google Drive credentials while the registry declares no credentials or binary requirements.
Install or run this only if you are comfortable granting a helper script persistent Google Drive access. Use a dedicated Drive account or folder, verify the fileId/rootFolderId, inspect edits before write-back, and remove /root/clawd/.secrets/todolist_drive_oauth.json or gog credentials when no longer needed.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved with the wrong account or OAuth client, the skill could have persistent access to read or update more Google Drive content than just the intended Markdown todo files.
The helper requests the broad Google Drive OAuth scope and persists a refresh token to a default secrets path, giving the script reusable Drive access rather than one-time access to a single todo file.
const scopes = ['https://www.googleapis.com/auth/drive']; ... const refreshTokenFile = args.refreshTokenFile || process.env.REFRESH_TOKEN_FILE || '/root/clawd/.secrets/todolist_drive_oauth.json';
Use a dedicated Google account or least-privileged OAuth setup where possible, verify the exact folder/file IDs before running, and remove the stored refresh token when you no longer need the skill.
The script may use an existing local Google/gog credential profile and access Drive data under that account, a dependency the registry listing does not reveal to the user.
The folder runner reads a local gog credential file and uses the account/password values for Drive access, but the registry metadata declares no primary credential, env vars, or required config paths.
const envFile = '/root/clawd/.secrets/gog.env'; ... const text = fs.readFileSync(envFile, 'utf8'); ... if (k === 'GOG_KEYRING_PASSWORD' && !pw) pw = v;
Do not run this unless you understand which gog account it will use. Prefer passing explicit credentials for a dedicated account, and the publisher should declare these credential/config requirements.
A mistaken fileId or accepted edit could change a Markdown file in Google Drive.
The script can update (overwrite) the same Google Drive fileId in place. This is aligned with the skill's write-back purpose and includes a revision gate, but it is still mutation authority over user Drive files.
method: 'PATCH', ... `https://www.googleapis.com/upload/drive/v3/files/${fileId}?uploadType=multipart`
Review proposed edits before applying them, keep backups or Drive revision history enabled, and verify the target fileId/root folder.
Running the helper executes local commands on the host, not just in-agent text processing.
The folder runner executes the gog CLI through a fixed argument array. This is expected for the Drive listing workflow, but it is local command execution and depends on a trusted gog binary.
const raw = execFileSync(cmd[0], cmd.slice(1), { encoding: 'utf8' });
Only run it in an environment where the gog binary and GOG_BIN setting are trusted.
The skill may fail or behave differently depending on the local gog installation and account setup.
The helper relies on an external gog executable and sudo workflow, while the registry lists no required binaries or install spec. This is likely an under-declared dependency rather than hidden malicious behavior.
const gogBin = process.env.GOG_BIN || '/home/linuxbrew/.linuxbrew/bin/gog'; ... 'sudo','-u','ubuntu','-H','env'
The publisher should declare gog/sudo requirements and pin or document the expected gog version and provenance.
