Back to skill
Skillv0.1.0
VirusTotal security
Kan.bn TODO API · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:57 AM
- Hash
- 404a4db6d18883dbbde0a718f84a6f90bd8b23854add28cc7eaab4f7b921e845
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kanbn-todo-api Version: 0.1.0 The skill is a functional Kan.bn API client, but it contains a high-risk behavior in `scripts/kanbn_todo.py`: the `_load_bashrc_env` function explicitly reads and parses the user's `~/.bashrc` file to extract authentication tokens. While the script attempts to filter for specific keys (`KANBN_TOKEN`, `KANBN_API_KEY`), accessing shell configuration files is an invasive and non-standard practice for a task-management skill that could lead to unintended data exposure. The rest of the bundle, including the agent instructions in `SKILL.md` and the API implementation, appears aligned with the stated purpose of managing personal tasks.
- External report
- View on VirusTotal