TaskFlow

Security checks across malware telemetry and agentic risk

Overview

TaskFlow is a coherent local task-management skill with disclosed workspace writes, SQLite sync, and optional Apple Notes/background-sync features, but users should review privacy and automation settings before enabling them.

Install this only for a dedicated OPENCLAW_WORKSPACE you control. Decline the LaunchAgent/systemd timer unless you want continuous background sync, avoid running db-to-files while manually editing tasks, and do not publish exported JSON or Apple Notes summaries if project names, task titles, notes, or activity history are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium (89% confidence)
Finding:
The documentation states the dashboard has 'zero attack surface' even though it later describes a workflow where dashboard actions directly update the live TaskFlow SQLite database. That claim is misleading and can cause operators to underestimate risk, skip authentication/authorization checks, or expose a write-capable integration as if it were read-only.

Missing User Warnings

Medium (89% confidence)
Finding:
The README advertises an automatic 60-second background sync and markdown regeneration, but it does not clearly warn users that files may be modified continuously and overwritten based on sync direction. In a markdown-first agent workflow, this can cause unintended edits, race conditions, loss of manual changes, or confusion about which source is authoritative, especially when agents and humans both touch the same files.

Missing User Warnings

Medium (84% confidence)
Finding:
The README promotes pushing live project status to Apple Notes without warning that potentially sensitive project data will be copied into a third-party synced note store tied to the user's Apple account. For an agent skill that may handle internal tasks, plans, and operational details, this creates a meaningful privacy and data leakage risk if users assume the feature is local or harmless.

Missing User Warnings

Medium (86% confidence)
Finding:
The guide recommends exporting project data into a public app directory and even serving it via S3/CDN, but it does not warn that task metadata, descriptions, statuses, and activity history may be sensitive. In practice, readers may publish internal operational data to publicly accessible locations or broadly shared static hosting without any access controls or data minimization.

Missing User Warnings

Medium (84% confidence)
Finding:
The integration section describes dashboard-driven direct writes to the TaskFlow SQLite database that change task state, but it does not warn about the risks of bypassing application-layer validation, authorization, concurrency controls, and audit protections. Readers may copy this pattern into production and allow a UI component or local script to mutate the source of truth unsafely.

VirusTotal

63/63 vendors flagged this skill as clean.