Security audit

Todo List Promax

Security checks across malware telemetry and agentic risk

Overview

This todo skill is mostly coherent, but it stores full original messages and attachments persistently and has conflicting English/Chinese rules about whether raw source messages are shown in normal todo queries.

Install only if you are comfortable with a local todo skill saving original task messages and attachments under the workspace. Avoid recording secrets, private documents, credentials, or sensitive personal details until the publisher aligns the English and Chinese instructions and clarifies that raw source messages are not shown in normal todo lists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
95% confidence
Finding
The English summary states that queries show `source_message` for every item, while the Chinese specification says `source_message` must not be displayed. This inconsistency can cause implementations or operators to expose full original user messages during normal todo queries, leaking sensitive information unrelated to the visible task summary.

Missing User Warnings

Medium
89% confidence
Finding
The skill prominently advertises permanent storage and attachment capture but does not clearly warn users that their chat content, original messages, and attachments may be stored locally on disk. This undermines informed consent and may lead users to disclose sensitive data they would not share if retention were made explicit.

Missing User Warnings

Medium
92% confidence
Finding
The English section omits key privacy disclosures present or inferable from the full Chinese spec, including retention of source messages and attachments. English-speaking users may therefore use the skill without understanding the actual storage and retention behavior, creating a consent and privacy gap.

Natural-Language Policy Violations

Medium
82% confidence
Finding
The skill directs English users to rely on an abbreviated English section while the authoritative behavior is only fully specified in Chinese. This creates a mismatch where English users and implementers may miss security-relevant rules, including what data is stored, shown, or retained, increasing the chance of unsafe behavior.

Ssd 3

Medium
96% confidence
Finding
The skill requires permanent retention of full `source_message` content, which may include unrelated personal, confidential, or sensitive information beyond the minimal todo data needed. Long-term storage of raw chat messages expands the privacy and breach impact surface without clear necessity for core functionality.

Ssd 3

High
98% confidence
Finding
The English summary explicitly says query output shows `source_message` for every todo item, which would expose full original user input during routine listing operations. Because source messages can contain sensitive context, links, personal data, or incidental secrets, this turns a simple query into a broad privacy disclosure channel.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.