ClawHub
Back to skill
v1.0.0

Task Management

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

This task manager is mostly purpose-aligned, but its unpinned external installation path and unauthenticated web/API behavior deserve review before installation.

GuidanceInstall only from a pinned, trusted release, avoid running the web server on shared networks until it has access control, and be cautious storing sensitive task details because the current API/UI design appears to allow unauthenticated reads and writes when reachable.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
pip install git+https://github.com/xfwgithub/aitask-skill.git ... wget https://github.com/xfwgithub/aitask-skill/releases/latest/download/task-skill.zip

The installation instructions fetch unpinned remote source or the latest binary release, while the registry lists no install spec or verified source, so the installed code may differ from the reviewed artifacts.

User impactA user could install a changing or unverified version of the skill rather than the exact files reviewed here.
RecommendationPin the Git commit or release version, publish checksums/signatures, and declare the install source in metadata or an install spec.
Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
server.go
var input struct {
    NewStatus string `json:"new_status"`
    ReviewComment string `json:"review_comment"`
}
...
err = database.UpdateTaskStatus(uuid, input.NewStatus)

The API accepts a caller-supplied status string and writes it to the database without evidence of validating allowed states or enforcing the human-review rule described in SKILL.md.

User impactA caller could mark tasks done, cancelled, or otherwise change workflow state in ways the user did not intend.
RecommendationValidate status values and state transitions server-side, and require explicit user confirmation for irreversible or human-approval actions.
Unexpected Code Execution
SeverityMediumConfidenceHighStatusConcern
templates/tasks.html
task.tags ? task.tags.split(',').map(t => `<span class="badge badge-tag">${t}</span>`).join('') : '-'
...
container.innerHTML = '<table class="table"...'+ rows.join('') + '</tbody></table>';

User-controlled task fields such as tags are inserted into HTML via innerHTML without escaping, while other fields are explicitly escaped, indicating a browser script-injection risk in the task UI.

User impactA malicious task tag or similar field could execute JavaScript in the local task dashboard and use the unauthenticated API from the browser context.
RecommendationEscape all user-controlled fields before inserting HTML, or build DOM nodes with textContent instead of innerHTML.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusConcern
server.go
e.GET("/api/tasks", queryTasksAPI)
e.PUT("/api/tasks/:uuid/status", updateTaskStatusAPI)
addr := fmt.Sprintf(":%d", port)
e.Logger.Fatal(e.Start(addr))

The server exposes task-reading and task-updating API routes and starts on ':port', which commonly binds beyond localhost; only logging/recovery middleware is shown, with no authentication or access boundary.

User impactIf the server is reachable from other devices or processes, task contents and status changes could be accessed without a clear permission check.
RecommendationBind to 127.0.0.1 by default, add an authentication token or other access control, and clearly warn users before enabling network access.