Todo Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local todo/reminder skill that persists and cleans up its own reminder file, with no evidence of hidden access, exfiltration, or unrelated system changes.

Install this only if you want an agent to keep reminder state between sessions and check it during heartbeat runs. Avoid storing sensitive details in todo descriptions or context, and adjust routing keywords or require confirmation if you do not want casual reminder-related language to create or modify todo entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises autonomous reminders, heartbeat checks, and persistent JSON storage but does not disclose retention, consent, or how user data is stored and reused. In an agent skill, this can lead to unanticipated collection and persistence of user task data, making privacy and autonomy risks more likely because operators may enable it without understanding the behavioral and data-handling implications.

Vague Triggers

Medium
Confidence: 89%
Finding
The invocation guidance is broad (`用户提到提醒、跟进、待办事项`) and can cause the skill to activate on ordinary conversation about reminders or follow-ups without clear user intent to use the tool. In context, the skill writes and later deletes data in local storage, so overbroad triggering can create unwanted records, reminders, or state changes that affect the user experience and data integrity.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
The skill documentation mandates Chinese-language behavior for prompting and interaction without indicating that language should follow user preference or environment settings. This can lead to unsafe misunderstandings in task creation or scheduling, especially for time-sensitive reminders, because users may misinterpret clarification prompts or resulting todo state.

Vague Triggers

Medium
Confidence: 94%
Finding
The routing keywords are broad, natural-language phrases such as '提醒我', '跟进', and '别忘了' that commonly appear in ordinary conversation. This can cause unintended activation of the todo-tracker skill, leading the agent to read or modify reminder state when the user did not explicitly intend to invoke this capability.

VirusTotal

62/62 vendors flagged this skill as clean.
