Skill v1.0.0

ClawScan security

Manage Your Family's todos · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 11, 2026, 9:14 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly implements a simple local todo manager as described, but contains several inconsistencies (undeclared env vars, mismatched 'Shared' vs 'Family' labels) and a prompt-injection signal (unicode-control-chars) in SKILL.md that warrants manual inspection before installing.
Guidance
What to check before installing:
- Open SKILL.md in a plain-text editor or hex viewer and remove/inspect any strange or invisible characters (the pre-scan flagged unicode-control-chars).
- Inspect todo.js yourself (it's included). Confirm it only reads/writes memory/todo.json and does not call external network endpoints or execute other programs. The provided file appears local-only and safe on that basis.
- Note the metadata/README mismatch: SKILL.md mentions TELEGRAM IDs but the script does not connect to Telegram; clarify with the author if you expected messaging integration. Also SKILL.md uses 'Shared' while the code checks for 'Family' — fix the labels to avoid surprises.
- The script optionally reads TODO_ADMIN_ID, TODO_PARTNER_ID, TODO_GROUP_ID env vars but these were not declared in the registry metadata. These are likely benign (user IDs), but treat them as configuration, not secrets.
- Run the script in an isolated environment (or with a backup) the first time to confirm it creates only memory/todo.json and behaves as expected. If you plan to put the todo file in a shared location, ensure file permissions are set appropriately.
- If you are unsure about the hidden-character finding or the metadata discrepancies, contact the publisher for clarification or avoid installing until resolved.
Findings
[unicode-control-chars] unexpected: SKILL.md triggered a unicode-control-chars detection. Hidden control characters in instruction text can be used for prompt-injection or to hide content; this is unexpected for a simple README and should be inspected in a raw text editor to confirm no hidden instructions or manipulative payloads exist.

Review Dimensions

Purpose & Capability
note: The code (todo.js) implements a local, file-backed multi-user todo manager consistent with the name/description. However, SKILL.md references Telegram IDs in configuration even though the code does not talk to Telegram, and SKILL.md and the code use different labels ('Shared' in SKILL.md vs 'Family' checked in code). These are coherence/clarity issues but not direct evidence of malicious behavior.
Instruction Scope
concern: SKILL.md instructs editing todo.js and running node commands (expected). However, the SKILL.md was flagged for unicode-control-chars (prompt-injection pattern) — hidden/control characters may be present in the instructions. That, plus the misleading Telegram-ID guidance (which implies external integration that does not exist), means you should inspect the SKILL.md and the top of todo.js carefully before use.
Install Mechanism
ok: No install spec; the skill is instruction-only with a single Node.js script. Nothing is downloaded or written to system locations by the installer. This is low-risk from an install perspective.
Credentials
note: Registry metadata lists no required env vars, but todo.js reads optional environment variables (TODO_ADMIN_ID, TODO_PARTNER_ID, TODO_GROUP_ID). These are not declared by the skill metadata — a mismatch. The env vars appear to hold user IDs (not secrets), so risk is low, but the omission is an inconsistency the author should clarify.
Persistence & Privilege
ok: The skill does not request persistent/always-on privileges. It writes a single JSON file under the current working directory (memory/todo.json), which is consistent with its purpose and has limited scope.