Security audit

EffortList AI (Organize Your Life /w Safety)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate EffortList integration, but it exposes account, scheduling, booking, appointment, and destructive delete capabilities that are broader and higher-impact than a simple task manager.

Install only if you want an agent to manage your EffortList account, not just draft task plans. Before allowing writes, require explicit confirmation for deletes, bulk changes, booking-link changes, appointment accept/decline/cancel actions, OTP-related flows, and anything that may notify guests or affect public availability.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill is presented as a manager for folders, tasks, and todos, but the documented workflows materially expand its scope to include profile access, scheduling settings, booking links, and appointment actions. This scope mismatch can cause an agent or user to invoke the skill under narrower expectations while granting it broader access to calendar-like and scheduling data than the description suggests.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: Managing booking links and accepting or declining appointments extends beyond simple task organization into externally visible scheduling control. If invoked under the assumption that the skill only manages internal folders/tasks/todos, an agent could modify public availability or customer-facing appointments without sufficiently explicit user consent.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The documented API surface materially exceeds the skill's stated purpose of managing folders, tasks, and todos by exposing booking, availability, appointment, and chat operations. This creates capability drift and increases the chance an agent can access or modify scheduling and communication data that users would not reasonably expect from the advertised scope.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: Public booking, appointment creation/cancelation, and OTP verification endpoints enable interactions with external parties and identity flows that go beyond personal task management. If exposed through the skill, an agent could trigger communications, schedule changes, or verification-related actions involving third parties without clear user understanding, creating privacy and abuse risks.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The invocation guidance is broad enough to match many ordinary productivity requests such as organizing life, tracking projects, or managing schedules. Overbroad trigger text increases the chance an agent selects this skill in situations where the user did not intend to grant powerful write access, including destructive CRUD and scheduling side effects.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises full CRUD, cascading deletes, and undo/redo history but does not prominently warn that deletions may be destructive and broad in scope. In practice, this can normalize dangerous operations and lead an agent to perform irreversible or large-scale data changes without adequate user confirmation, especially because cascading deletes can wipe nested items.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The API documentation describes cascading deletes, appointment cancelation, guest email notifications, and booked-item side effects without a prominent warning or consent model. In an agent setting, these hidden consequences can cause destructive changes and privacy-impacting notifications that users may not realize will occur from seemingly routine updates or deletions.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: Delete endpoints for folders, tasks, and todos are presented without strong warnings about irreversible outcomes, including child-record purges and appointment cancelation. In an agent-integrated workflow this increases the likelihood of accidental or overbroad destructive actions, especially because hierarchical deletes can remove far more data than a user intended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.