Task System

Security checks across malware telemetry and agentic risk

Overview

This is a local task-tracking skill with some installer and input-validation caveats, but no evidence of deception, exfiltration, credential access, or unrelated authority.

Install only if you want a local SQLite task tracker and persistent command-line access. Use numeric task IDs, avoid putting secrets in task text or notes, and review/remove the added shell PATH entry or ~/.local/bin/task-system symlink if you uninstall.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The documented purpose is task management, but the installation flow also changes persistent shell configuration and adds executable exposure via PATH/symlink setup. That broader system modification increases trust requirements and can create persistence or command-shadowing risk, especially because the behavior is not clearly scoped in the primary description.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The phrase 'Use for all task management needs' is overly broad and encourages invocation in many contexts without clear boundaries or least-privilege constraints. Broad routing language can cause the agent to over-trust or over-use the skill, magnifying the effect of any hidden side effects such as profile changes or installed executables.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The installer persistently modifies the user's shell startup configuration to prepend its own directory to PATH without explicit consent or a clear warning that this change will affect future shells. Persistent PATH modification can alter command resolution long-term and may cause unintended execution of binaries from the skill directory if names collide with trusted commands.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The script creates a persistent symlink in ~/.local/bin without interactive confirmation, changing what executable will run when the user invokes task-system later. Although this is common installer behavior, doing it silently can surprise users and creates lasting execution persistence in their personal command path.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal