Todos

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local todo manager that stores and edits tasks in one disclosed JSON file.

Install if you want a simple local todo helper. Avoid putting passwords, tokens, or highly sensitive details in todo titles because they are saved on disk until deleted, and review destructive delete commands before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation states that it reads and writes a local JSON file under the user's home directory, but the manifest does not declare any permissions. This creates a transparency and policy-enforcement gap: a host may grant the skill file access implicitly or fail to present meaningful consent, increasing the risk of unintended data exposure or tampering in local workspace state.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrase "待办" is very broad and likely to appear in ordinary conversation, which can cause accidental activation of the skill. In a skill that performs file-backed state changes such as adding, completing, or deleting tasks, unintended invocation can modify user data without clear intent.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The trigger phrase "任务管理" is ambiguous and may match general discussion rather than an intentional skill invocation. While less likely to be used casually than "待办," it can still cause unreliable routing and unintended execution of file-writing actions.

VirusTotal

61/61 vendors flagged this skill as clean.
