todo-list-plugin

Security checks across malware telemetry and agentic risk

Overview

The todo tools themselves are simple, but the package ships a wallet private key that appears to be live, together with billing/private-key configuration that the basic metadata does not clearly disclose.

Review this plugin carefully before installing. The todo functionality is narrow and local, but the packaged .env private key and wallet billing configuration are significant red flags. Prefer a corrected release with no bundled secrets, clear billing documentation, and a rotated/removed exposed key.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Severity: High
What this means

A private key in the package could be misused by anyone who obtains the plugin, and it raises concern about how wallet credentials are handled.

Why it was flagged

The distributed package contains a value that looks like a wallet private key. Private keys can authorize account or wallet actions, so shipping one inside the artifact is a material credential exposure.

Skill content
PRIVATE_KEY=0x05f9aa...b0fd
Recommendation

Do not install or use this version until the publisher removes the .env file, rotates the exposed key, and clearly documents any billing credential requirements.

ASI03: Identity and Privilege Abuse
Severity: Medium
What this means

A user may not realize this plugin involves wallet-key handling before installation or configuration.

Why it was flagged

The plugin asks for a wallet private key for billing, yet the registry metadata declares no primary credential and no required environment variables. That is high-impact credential access for a simple todo plugin, and it is not surfaced where a user would look for it.

Skill content
"privateKey": { "type": "string", "description": "Wallet private key for Orbit billing (0x + 64 hex chars)" }
Recommendation

Only provide wallet credentials if you understand the Orbit billing flow, trust the publisher, and can use a limited-purpose wallet with minimal funds.

ASI06: Memory and Context Poisoning
Severity: Low
What this means

Anything saved as a todo may be shown back to the agent later and should be treated as persistent local data.

Why it was flagged

The skill persists todo content in a local JSON file and later returns it through the get tool. This is expected for a todo list, but it means todo text can re-enter future agent context.

Skill content
path.join(os.homedir(), ".openclaw"), "plugins", "todo-list-plugin", "todos.json"
Recommendation

Avoid putting passwords, keys, or sensitive instructions in todo items, and periodically review or delete stored todos.