Skill v0.1.0

ClawScan security

Todo Boss · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 15, 2026, 1:08 PM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's single provided script roughly matches the stated TODO capture purpose but the SKILL.md and implementation are inconsistent and incomplete, and the script has robustness/privacy issues that could lead to data corruption or accidental capture of sensitive text.
Guidance
This skill is incomplete and has some fragile and privacy-sensitive behavior. Before installing or using it, consider: (1) It only provides add_task.sh—commands mentioned in SKILL.md (listing, marking done, reports) are missing. Expect limited functionality unless you add more scripts. (2) The script looks for 'owner:' and 'due:' in English but the SKILL.md follow-up prompts are Korean, so extraction may fail; test inputs to confirm behavior. (3) The script writes the entire raw user text to a plain JSONL file in ~/.openclaw/workspace/data/todo — do not send secrets or private data through it. (4) The embedded Python heredoc interpolates shell variables without escaping; inputs containing quotes, backslashes, or newlines can break the script and corrupt the log. Consider fixing the script to safely escape or pass data to Python (e.g., use python -c with json.dumps of arguments or read from stdin), and implement missing features (list, done, report) before relying on it. If you cannot review/modify the script, run it in a controlled/test environment and avoid sending sensitive content.

Review Dimensions

Purpose & Capability
Note: The stated purpose (task capture, delegation, daily reports via Telegram) is consistent with a local append-only log approach. However, the repository only contains add_task.sh while SKILL.md documents many commands (/todo_done, /todo_list, /todo_delegated, /todo_report) and a derived cache; those other commands and the listing/mark-done logic are missing, so the package is incomplete relative to its claimed functionality.
Instruction Scope
Concern: SKILL.md instructs the agent to call the provided add_task.sh and to ask follow-ups when owner/due are missing. The script itself only appends a JSONL event with the raw user text and does simple pattern parsing for 'owner:' and 'due:'. Concerns: (1) the SKILL.md's follow-up policy and Korean prompts contrast with the script's English 'owner:'/'due:' parsing; the mismatch may break extraction; (2) the script stores the full raw text (potentially sensitive) without warning or redaction; (3) the inline Python heredoc interpolates shell variables directly into Python source without escaping, so user input containing quotes, newlines, or special characters can break the Python snippet and corrupt the log or cause the script to fail; (4) there is no code here to finalize drafts, update events, list tasks, or mark tasks done despite SKILL.md promising those features.
Install Mechanism
OK: Instruction-only plus a shell script means nothing is downloaded or installed. The script requires standard system tools (bash, sed, date, python3), but there is no install-time network activity or unusual installers.
Credentials
Note: No secrets or external credentials are requested, which is appropriate. The script reads $HOME and writes under ~/.openclaw/workspace/data/todo; this is expected for a local task log, but users should know the data is stored in plain text under their home directory and could be read by other local processes or backed up to cloud storage.
Persistence & Privilege
OK: always:false and no special agent-wide modifications. The script writes files under the user's home, which is consistent with a local task tracker. It does not attempt to modify other skills or system settings.