Back to skill
Skillv1.0.1
VirusTotal security
Ideas2tasks · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 16, 2026, 3:51 PM
- Hash
- e339c6b3653f471903c09510a2f911529c553f6b41c6ea3a8f65d3b2cf173302
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ideas2tasks Version: 1.0.1 The ideas2tasks skill bundle automates project management by scanning local directories (/Users/claw/Ideas) and syncing tasks with GitHub and Telegram. A significant security vulnerability exists in scripts/executor.py, which uses subprocess.run with shell=True to execute GitHub CLI commands; because task titles and project names are incorporated into these commands without rigorous sanitization, it presents a high risk of Shell Injection. While the external communications (Telegram API and GitHub) and broad filesystem access are consistent with the tool's stated purpose, the insecure execution pattern and the potential for an AI agent to be manipulated into processing malicious 'ideas' make this bundle suspicious.
- External report
- View on VirusTotal