ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Task

v0.1.0

Tasker docstore task management via tool-dispatch. Use for task lists, due today/overdue, week planning, add/move/complete, or explicit /task commands.

0· 5.3k·39 current·41 all-time
by@amirbrooks
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Tasker docstore task management) match the SKILL.md: it routes natural-language or slash commands to a tool named tasker_cmd and formats CLI args for tasker. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to translating user intents into CLI arguments and invoking the tool-dispatch command (tasker_cmd). They do not instruct reading arbitrary files or environment variables, nor do they send data to unexpected external endpoints. The only side effects described are tasker operations (add/move/complete, list, resolve).
Install Mechanism
No install spec and no code files are present (instruction-only). This is the lowest-risk pattern: nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The README/SKILL.md mention a TASKER_BIN/config option and an allowlisted tasker_cmd plugin, which are reasonable operational expectations and not excessive.
Persistence & Privilege
always is false and the skill is user-invocable. disable-model-invocation is false (normal platform default), so the agent could invoke the skill autonomously — this is expected for a command-dispatch skill and the SKILL.md does not request elevated or persistent system privileges.
Assessment
This skill appears internally consistent and is basically a thin natural-language wrapper around a tasker CLI invoked via a tool-dispatch adapter. Before installing, confirm you trust and have configured the underlying tool/plugin (tasker_cmd and the tasker binary or TASKER_BIN) because the agent will execute tasker commands that can modify your task store (add/move/complete). If you do not want the agent to take actions autonomously, consider disabling autonomous invocation or set stricter allowlisting for the tasker_cmd tool. Also review the actual tasker CLI implementation (or plugin) to ensure it does not access or exfiltrate unrelated data, and ensure only necessary command scopes are permitted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dsn7p6nb2yvc96zq23h20gn7zpnvf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🗂️ Clawdis

Comments