ClawHub
Back to skill
v1.0.0

Openclaw Task Reminder

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:42 AM.

Analysis

This appears to be a straightforward local task-list tool that stores tasks in an OpenClaw workspace file and shows no evidence of network access, credential use, or hidden behavior.

GuidanceThis skill is reasonable for simple local task tracking. Before installing, note that task descriptions are saved locally, so do not put passwords, tokens, or other sensitive information in them; also consider that the registry does not provide an external source homepage.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The package provenance is not linked to an external source repository or homepage, so users have less independent context about the publisher.

User impactUsers must rely on the registry artifacts and owner identity rather than an external project page when deciding whether to install it.
RecommendationReview the included source before installing and prefer verified project sources when available.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
task.js
const TASKS_FILE = path.join(process.env.HOME || process.env.USERPROFILE, '.openclaw', 'workspace', 'tasks.json'); ... fs.writeFileSync(TASKS_FILE, JSON.stringify(tasks, null, 2));

Task descriptions are written to a persistent local JSON file in the OpenClaw workspace.

User impactAnything entered as a task remains on disk and may be displayed again later, so sensitive information or adversarial text in tasks could persist across sessions.
RecommendationAvoid storing secrets in task descriptions and treat saved task text as user data rather than authoritative instructions.