Todoist Task Manager
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: todoist-task-manager Version: 1.0.0 The skill bundle is benign. It provides instructions and metadata for managing Todoist tasks using the `todoist` CLI. The `SKILL.md` file details standard installation via Homebrew, configuration steps involving local storage of an API token in `~/.config/todoist/config.json` (necessary for the tool's function), and various `todoist` CLI commands. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent for harmful purposes. All actions are clearly aligned with the stated purpose of a Todoist task manager.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to change or delete tasks if the user asks it to use these commands.
The skill documents commands that can modify, complete, or delete Todoist tasks. This is expected for a task manager, but users should be aware it can make persistent account changes.
todoist modify TASK_ID --content "New title" ... todoist close TASK_ID ... todoist delete TASK_ID
Review requested task changes before allowing delete, complete, or bulk modification commands.
Anyone or any process with access to that config file may be able to use the Todoist account through the CLI.
The skill requires a Todoist API token stored in a local config file. This is purpose-aligned for using the Todoist CLI, but the registry metadata does not separately declare a primary credential.
Get your API token from https://app.todoist.com/app/settings/integrations/developer ... echo '{"token": "YOUR_API_TOKEN"}' > ~/.config/todoist/config.jsonStore the token securely, avoid sharing the config file, and revoke or rotate the Todoist token if it may have been exposed.
The installed CLI handles Todoist account access and task operations.
The skill depends on an external Homebrew-installed Todoist CLI. This is disclosed and central to the skill's purpose, but it means users rely on that package's provenance and behavior.
Install: `brew install todoist-cli`
Install the CLI from a trusted Homebrew source and keep it updated.