ClawHub

Todo4 Onboard

Security checks across malware telemetry and agentic risk

Overview

This skill appears to onboard Todo4 as advertised, but it handles live account tokens and automatic connection authority in a way users should review before installing.

Install only if you trust the Todo4 publisher and are comfortable giving the agent persistent access to your Todo4 account. Treat ~/.openclaw/.env and ~/.openclaw/mcp_config.json as sensitive files, watch for token exposure in logs, and revoke the connected agent from Todo4 when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger text includes 'any similar request,' which is overly broad for a skill that creates accounts and links an agent to an external service. Broad activation increases the chance the agent invokes onboarding from ambiguous user intent, causing unintended account creation or service connection without sufficiently specific consent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The 'When to run this skill' section instructs the agent to run the whole onboarding flow whenever the user asks to sign up, install, connect, onboard, or start using Todo4, but it lacks disambiguation and exclusion rules. In context, this is risky because the flow performs external side effects—sending OTPs, verifying accounts, and connecting the agent—so an overly permissive trigger can lead to accidental or premature execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script emits both the access token and refresh token directly to stdout, which makes them easy to leak into agent logs, shell history, process captures, orchestration traces, or downstream tool outputs. In an onboarding skill context, these credentials are highly sensitive because they appear to grant authenticated access to the user's Todo4 account and could be replayed if exposed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal