Is dobbybud/agent-task-manager safe?

https://github.com/openclaw/skills/tree/main/skills/dobbybud/agent-task-manager

48
DANGEROUS

This skill contains a critical command injection vulnerability in cooldown.sh that allows arbitrary shell command execution through eval. Multiple sensitive credential files were also accessed during installation, raising significant security concerns.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 20/100 · 25%
Code Execution 5/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 60/100 · 10%
Behavioral Reasoning 10/100 · 5%

Findings (5)

CRITICAL Command Injection Vulnerability in cooldown.sh -95

The cooldown.sh script uses 'eval "$COMMAND"' to execute arbitrary shell commands passed as parameters. This is a textbook command injection vulnerability that allows any attacker to execute arbitrary system commands with the privileges of the executing process.

HIGH Access to Multiple Credential Files -80

During installation, the skill accessed multiple sensitive credential files including SSH keys, AWS credentials, environment files, and other authentication tokens. While files were not modified, any access to credential files raises significant security concerns.

MEDIUM Multiple Executable Scripts with File System Access -15

The skill contains several Python scripts that perform file I/O operations and could potentially be extended for malicious purposes. These scripts manage task state and could be used to establish persistence.

MEDIUM Honeypot File Access During Installation -40

Multiple canary/honeypot files designed to detect unauthorized access were accessed during the installation process, though no modifications were made.

LOW Generic Skill Description -10

The skill description is quite broad and generic, which could potentially be used to justify actions beyond the stated scope of task management.