Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Task Management
v1.0.0零依赖、高性能的任务管理技能。当用户需要创建、查询、更新、删除任务或获取任务统计时使用此技能。
⭐ 0· 127·0 current·0 all-time
byxinye@xfwgithub
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is described as a 'zero-dependency' task manager with simple CLI usage, but the repository contains Go source, build scripts, and a web UI. The SKILL.md recommends installing via pip (a Python installer) or downloading prebuilt binaries from GitHub — pip for a Go program is incoherent. claude.json expects a './task-skill' binary in the skill cwd while SKILL.md instructs users to copy only SKILL.md into their skill directory and claims other artifacts will be 'automatically downloaded' to a Python package directory. These contradictions are disproportionate to a simple task-management description and warrant clarification.
Instruction Scope
Runtime instructions in SKILL.md ask the user/agent to run local binaries (./task-skill --server) and to copy only SKILL.md to the agent's skill folder. There are explicit warnings (e.g., do not let the AI auto-approve human reviews) which are good, but instructions implying automatic download of binaries/resources are vague. The skill's web UI loads external JS (htmx from unpkg.com), adding a remote dependency at runtime not declared in the metadata. The agent instructions give broad discretion about installing/building (pip vs wget vs building Go), which grants the agent ambiguous power to fetch/run code from the network.
Install Mechanism
No formal install spec in the registry but the package includes build.sh and start.sh that invoke 'go build', implying a Go build/install flow. SKILL.md suggests pip install of a GitHub repo (incompatible with included Go sources) or downloading ZIPs from GitHub releases (reasonable if releases actually exist). This mismatch is suspicious — either the pip instructions are incorrect/leftover or the package packaging is inconsistent. The included build script is limited to macOS/ARM64 which conflicts with 'OS restriction: none'.
Credentials
The registry declares no required env vars, but the code reads TASK_SKILL_PORT and will create a local SQLite DB. There are no API keys or other secrets requested. However, SKILL.md and templates load external scripts (unpkg.com/htmx), which introduces a remote dependency (content fetched at runtime) not reflected in requires.env. The codebase otherwise does not appear to request unrelated credentials.
Persistence & Privilege
The skill does not request 'always: true' and does not appear to modify other skills or global agent configuration. It runs as a local CLI/web server and stores data in a local SQLite DB — normal for this kind of tool. Autonomous invocation is enabled (default) but not by itself a red flag here.
What to consider before installing
Do not install or run this skill until the following are clarified: 1) Confirm the canonical source repository and whether the project is a Go program or a Python package — the SKILL.md pip instructions conflict with the included Go sources and build scripts. 2) Verify where the task-skill binary should live (claude.json expects it in the skill cwd but SKILL.md says only SKILL.md should be copied). 3) Validate prebuilt binaries (if using releases) by checking GitHub release signatures or building locally in an isolated environment; the build.sh/start.sh assume macOS ARM64 but the registry declares no OS restriction. 4) Inspect getDatabasePath (not shown in full) to confirm the DB file location and ensure it won't overwrite sensitive files. 5) Be aware the web UI loads third-party JS (unpkg.com); if you need to avoid remote content, host static assets locally. 6) Run the binary in a sandbox (container/VM) or with restricted network access until you trust the repo. If the developer cannot explain the pip instruction and the 'automatic download' claim, treat the package as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk975bbttj7yg8mfmgpmgzvph5n83fk8b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.