Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Task Memory

v1.2.0

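Task-forgetting protection system: addresses the memory gap where an AI Agent issues a task but never executes it. Use it when you need to create, track, and manage long-running tasks, especially: after proposing or committing to a plan, when setting up cron/automation tasks, after a task's status changes, and during morning/heartbeat checks. Core functionality: persists task state via todo.json; todo_manager.py manages add/query/update...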

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
SKILL.md describes a simple, local todo.json stored in the skill's references/ directory (or current directory). The shipped script instead uses a hardcoded TODO_FILE = "/home/openclaw/.openclaw/workspace/backtest/todo.json". This does not match the stated default path and indicates the code will read/write outside the skill bundle (and possibly overwrite or create files in an unexpected user home path).
Instruction Scope
SKILL.md instructs agents to run the script for add/check/list/done/etc and implies use of references/todo.json and optional push-to-IM in heartbeats. The script implements add/check/list/done operations but: (a) ignores the references/todo.json shipped in the package (because of the hardcoded path), and (b) does not itself implement network push to QQ/IM (it only prints to stdout). The runtime instructions therefore assume a different file layout/behavior than the code actually uses.
Install Mechanism
No install spec or external downloads; the skill is instruction+script only. No packages or remote installs are performed.
! Credentials
The skill declares no required env vars or config paths, but the script requires filesystem write access and uses a hardcoded absolute path under /home/openclaw/.openclaw/... rather than a relative path or configurable location. That is disproportionate to the stated purpose (which implied local skill-scoped storage) and could unintentionally read/modify files in a host user's home.
Persistence & Privilege
The skill persists data to disk (normal for a todo tool). It does not request elevated platform privileges nor set always:true. The main issue is the persistence location (absolute path) which gives broader filesystem presence than the docs imply.
What to consider before installing
This skill appears to be a legitimate todo manager, but it's inconsistent: the documentation says todo.json will live in the skill/current directory (references/todo.json), while the script writes to /home/openclaw/.openclaw/workspace/backtest/todo.json. Before installing or running:
1) Do not run it as-is on a machine where /home/openclaw/... might exist and contain important data.
2) Inspect and edit scripts/todo_manager.py to point TODO_FILE to a safe, relative path (for example ./references/todo.json) or make the path configurable (env var or command-line option).
3) Run the script in a sandbox or test environment first to confirm behavior.
4) If you expect IM push integration, note the script does not implement it; that would need explicit, separate code.
These mismatches are likely an oversight but are material; fix the file-path handling (or require/declare a configurable path) before trusting it with real data.

Like a lobster shell, security has layers — review code before you run it.
