Back to skill

Security audit

Simple Todo Manager

Security checks across malware telemetry and agentic risk

Overview

This is a simple todo-list skill that stores tasks in a local markdown file and does not show hidden network, credential, or privileged behavior.

Install only if you want your agent to create and edit a local todo markdown file in the workspace. Set the todo_file path intentionally, and use clear task names when completing or removing items.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill uses broad natural-language triggers such as 'when the user asks to add a todo' and 'when the user asks to see todos' without defining strict invocation boundaries. In an agent setting, this can cause unintended file reads or writes when ordinary conversation is misinterpreted as an operational command, especially because the skill has workspace write access and automatically creates/modifies files.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The delete/remove workflow is triggered by very broad language ('when the user asks to delete/remove a task'), which increases the risk that ambiguous user phrasing or indirect references will be treated as authorization to delete data. Although the skill says to confirm removal, the activation condition itself is underspecified, making accidental destructive actions more likely in conversational use.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.