Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawList — AI-Powered Task Management for OpenClaw

v1.0.0

Manage tasks with natural language commands to add, list, complete, prioritize, categorize, and get briefings using a JSON-based CLI tool.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (task management) aligns with the actions in SKILL.md (run a local Python CLI that reads/writes a JSON task file). However, the skill bundle contains no code or install steps, yet the instructions expect a local script (/Users/oliverhutchins1/.openclaw/.../clawlist.py) and data file. That mismatch (instruction-only but dependent on an external, absent script) is inconsistent and unusual.
Instruction Scope
Instructions tell the agent to cd into a specific user's home path and run python3 on a local script via exec, capturing stdout and returning it to the user. While this is coherent for a local CLI-based task manager, it also means the agent will execute whatever code exists at that path — potentially arbitrary — and the SKILL.md gives the agent discretion to run these commands for scheduled briefings. The instructions do not include safeguards or checks on the script's content.
Install Mechanism
No install spec (instruction-only) — lower installer risk in itself. But because the skill references an external script that is not included or installed, the skill assumes the environment already contains unverified code. The lack of an included/official install or source increases the chance of misconfiguration or hidden behavior.
Credentials
The skill requests no credentials or env vars (appropriate). However, it hard-codes an absolute path containing a specific username (/Users/oliverhutchins1/...), which is not generic and suggests the skill was packaged for a particular user or environment. That hard-coded path is disproportionate to a generic task manager skill and could cause the agent to access that user's files if present.
Persistence & Privilege
always is false (normal). The SKILL.md instructs a daily briefing agent ('Steward') to always run the brief command, meaning recurring execution of the local script. Autonomous invocation plus scheduled use increases the impact if the local script is malicious, but the skill does not request additional system-wide privileges or modify other skills.
What to consider before installing
This skill is suspicious because it contains only instructions and no code or install steps, yet tells the agent to run a Python script and read/write a JSON file at a hard-coded user path that is not included with the skill. Before installing or enabling it: (1) verify the exact file /Users/oliverhutchins1/.openclaw/workspace-main/clawlist/clawlist.py exists and inspect its source to ensure it does only the expected task operations; (2) prefer a version of the skill that includes its code or an install step from a trusted release (GitHub release, official domain); (3) remove or adapt hard-coded user paths to your environment; (4) be aware that the agent will execute that local code (including as part of scheduled briefings), so do not enable the skill if you cannot audit the script. If you cannot locate and review the referenced files, do not install or enable this skill.

Like a lobster shell, security has layers — review code before you run it.

Tags: briefing, clawlist, latest, productivity, tasks, todo
