task-reminder

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The service exposes an unauthenticated HTTP API, with CORS wide open, that allows creating tasks. The scheduler executes those tasks by launching a Python subprocess with an unsanitized script_path/args (e.g. passing "-c" or absolute paths), which enables arbitrary remote code execution and easy data exfiltration (SMTP credentials exist in a local config file). An attacker or a malicious webpage could therefore run commands or steal secrets on the host.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 03:15 AM