Dida365 Cli

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Dida365 task-management helper, but it requires a raw session cookie and can broadly read, edit, and delete account data through external npm code.

Install only if you trust the npm package and maintainer. Verify the package source and version first, avoid exposing your Dida365 cookie in shared shells or logs, prefer official or scoped credentials where possible, and require explicit confirmation before any delete, merge, move, or batch operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill requires users to provide a Cookie token for authentication, which is a highly sensitive session credential that can grant direct account access if exposed. The documentation tells users how to set it but provides no warnings about shell history, process listings, logging, storage location, or token rotation, making accidental credential leakage much more likely.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documented sync commands can retrieve broad account data including projects, tasks, tags, folders, and user settings, but the skill does not explain the sensitivity or scope of the returned data. In an agent or automation context, this increases the risk of unnecessary collection, overexposure in logs, or downstream disclosure of private task metadata.

Missing User Warnings

Medium
Confidence: 88%
Finding
The batch delete-folders command is a destructive operation, yet unlike other delete commands in the same skill it is not marked as dangerous and does not mention confirmation safeguards. This makes accidental bulk deletion more likely, especially when the skill is used through an agent that may execute commands non-interactively.

VirusTotal

64/64 vendors flagged this skill as clean.
