ClawHub

滴答清单任务管理工具

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated TickTick/Dida365 task-management purpose, but it can read and change task data and stores local credentials/cache files.

Install only if you intend to give this skill read/write access to your TickTick/Dida365 account. Keep .env, .dida-token.json, and .dida-cache.json private, do not commit or sync them casually, and verify task/project IDs before approving deletes or other account-changing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares only Bash as an allowed tool, but its documented operation requires reading environment secrets, local file access to `.env`, writing cache/auth data, and making network requests to Dida365 APIs. This mismatch can hide the true capability and trust boundary of the skill from the platform and user, increasing the chance that sensitive credentials or local files are accessed without appropriate permission review.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list contains broad terms such as TODO, inbox, 项目管理, and 任务管理, which can appear in ordinary conversation and cause unintended invocation. In this skill's context, accidental activation is more risky because the skill can read task data and perform state-changing actions like create, complete, or delete tasks, potentially exposing private information or modifying user data unexpectedly.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
OAuth access and refresh tokens are persisted to a local JSON file in plaintext without setting restrictive file permissions or warning the user. If the host is shared, backed up, synced, or otherwise accessible to other local processes/users, those tokens can be stolen and used to access the user's Dida365 account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal