Todo Manager

PassAudited by ClawScan on May 1, 2026.

Overview

This is a simple, coherent todo-list skill with only a minor note that todo items are stored persistently in a local file.

This skill appears safe and purpose-aligned. Before installing, note that your todo entries will be saved locally at ~/.openclaw/workspace/todos.md, so avoid storing secrets or sensitive information as todo text.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Info

#ASI06: Memory and Context Poisoning

What this means

Any sensitive information entered as a todo item may persist locally until removed.

Why it was flagged

The skill explicitly stores todo items in a persistent local file. This is expected for a todo manager, but users should know that task text may remain on disk.

Skill content

待办文件：`~/.openclaw/workspace/todos.md`

Recommendation

Avoid putting passwords, secrets, or highly sensitive personal details in todo items unless you are comfortable storing them locally.