todoist-mind

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Commands may operate on an unintended Todoist account, and the bundled token should be treated as compromised.

Why it was flagged

The skill bundles a real-looking Todoist API token in a config file shipped with the package. The Python script loads this config and sends the value as a Bearer token, so anyone who installs the skill can read or modify the Todoist account tied to that token, and the credential is exposed to everyone who receives the package.

Skill content
"todoist_api_token": "9cda6b...fe861", "sync_on_command": true
Recommendation

Remove the token from the skill package, rotate it in Todoist, and load credentials only from a user-controlled secret source such as an environment variable or approved credential store.
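The two loading patterns side by side, as an added example rather than code from the skill: the packaged-config loader the advisory describes, a hardened loader that accepts the token only from the user's environment, and a pre-publish check that flags credential-looking values left in a skill's config. The environment variable name TODOIST_API_TOKEN, the placeholder heuristics and the sample config (with a dummy token value) are assumptions constructed for the example.

```python
import os
import re
from typing import Dict, List, Optional

# Config key names that usually carry credentials.
SECRET_KEY = re.compile(r"token|secret|password|api[_-]?key", re.IGNORECASE)
# Values that are placeholders (env references, angle-bracket hints, "changeme"), not live secrets.
PLACEHOLDER = re.compile(
    r"^(\$\{.*\}|\$[A-Z_]+|<.*>|your[_-].*|changeme|replace[_-]?me|x{3,})$", re.IGNORECASE
)

# Constructed sample config in the shape the advisory quotes; the token value is a dummy.
SAMPLE_SKILL_CONFIG = {
    "todoist_api_token": "0123456789abcdef0123456789abcdef",
    "sync_on_command": True,
}


def find_bundled_secrets(config: Dict, path: str = "") -> List[str]:
    """Pre-publish check: dotted paths of keys whose value looks like a real credential."""
    hits = []
    for key, value in config.items():
        dotted = f"{path}.{key}" if path else key
        if isinstance(value, dict):
            hits.extend(find_bundled_secrets(value, dotted))
        elif (isinstance(value, str) and SECRET_KEY.search(key)
              and len(value) >= 16 and not PLACEHOLDER.match(value)):
            hits.append(dotted)
    return hits


def load_token_from_package(config: Dict) -> str:
    """The pattern the advisory flags: the credential travels inside the skill package."""
    return config["todoist_api_token"]


def load_token(env: Optional[Dict[str, str]] = None, env_var: str = "TODOIST_API_TOKEN") -> str:
    """Hardened loader: the token comes only from the user's environment (env_var is an assumed name)."""
    env = os.environ if env is None else env
    token = env.get(env_var, "").strip()
    if not token:
        raise RuntimeError(f"{env_var} is not set; refusing to run without a user-supplied token")
    return token


def has_user_token(env: Optional[Dict[str, str]] = None) -> bool:
    """True when a user-supplied token is available, without raising."""
    try:
        load_token(env)
        return True
    except RuntimeError:
        return False


def auth_header(token: str) -> Dict[str, str]:
    """Bearer header built at request time from the user-supplied token, never from the package."""
    return {"Authorization": f"Bearer {token}"}


def redact(token: str) -> str:
    """What should appear in logs instead of the token: a short prefix only."""
    return token[:4] + "..." if len(token) > 4 else "..."
```

Running find_bundled_secrets over the skill's config before packaging catches the bundled-token case; once the token has shipped, only rotating it in Todoist removes the exposure.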

What this means

A user may run the skill expecting a harmless simulation, but it can add, complete, delete, list, or sync real Todoist data.

Why it was flagged

The skill's documentation describes the script as a mock stub, but scripts/todoist_api.py sets API_URL to https://api.todoist.com/api/v2 and sends requests to it with requests.request. Users could believe the skill is non-destructive mock code while it can make live account changes.

Skill content
"mock stub" ... "simulates API calls ... instead of hitting the live Todoist API"
Recommendation

Correct the documentation to describe live API behavior, require explicit user confirmation for destructive actions, and clearly label any test/mock mode separately from production execution.

What this means

Even a narrow task command may trigger broad Todoist account data access, increasing exposure of private task/project information to the local agent process and logs.

Why it was flagged

The script defaults to syncing all Todoist resources (resource_types of "all") before every command. This broad account read is not described in the main workflows and is wider than the simple add, complete, delete and project-list actions need.

Skill content
sync_flag = config.get("sync_on_command", True) ... if sync_flag: sync_data(token) ... "resource_types": ["all"]
Recommendation

Default sync_on_command to false, document the sync behavior, limit resource_types to the minimum needed, and ask the user before broad account reads.
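A hardened shape for a script like scripts/todoist_api.py that applies both recommendations above (the live/mock split with confirmation for destructive actions, and opt-in, narrowed sync), as an added example and not the skill's own code. API_URL is the value the advisory quotes; the resource paths, request bodies, the command-to-resource mapping and the "sync" payload are assumptions made for illustration, not the documented Todoist endpoints. The transport is injectable so the example runs offline; the urllib-based live transport is only used when mode is "live".

```python
import json
import urllib.request
from typing import Callable, Dict, List, Optional

API_URL = "https://api.todoist.com/api/v2"  # endpoint named in the advisory

# Assumed minimal sync scope per command; the real resource names are an assumption.
MINIMAL_RESOURCES = {
    "add": [],                     # creating an item needs no prior account read
    "complete": ["items"],
    "delete": ["items"],
    "list-projects": ["projects"],
}
DESTRUCTIVE_COMMANDS = {"complete", "delete"}
SAFE_DEFAULTS = {"sync_on_command": False, "resource_types": []}

# Assumed request shapes for each command: (method, path, body).
COMMAND_REQUESTS = {
    "add": lambda a: ("POST", "tasks", {"content": a["content"]}),
    "complete": lambda a: ("POST", f"tasks/{a['id']}/close", None),
    "delete": lambda a: ("DELETE", f"tasks/{a['id']}", None),
    "list-projects": lambda a: ("GET", "projects", None),
}


def live_transport(method: str, url: str, headers: Dict[str, str], body: Optional[dict]) -> dict:
    """Sends the request for real; never reached in dry-run mode."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={**headers, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read() or b"{}")


class TodoistClient:
    def __init__(self, token: str, config: Optional[dict] = None, mode: str = "dry-run",
                 confirm: Callable[[str], bool] = lambda _desc: False,
                 transport: Callable = live_transport):
        if mode not in ("live", "dry-run"):
            raise ValueError("mode must be 'live' or 'dry-run'")
        self.token = token
        self.config = {**SAFE_DEFAULTS, **(config or {})}  # sync is opt-in
        self.mode = mode
        self.confirm = confirm          # default refuses: nothing destructive without a user hook
        self.transport = transport
        self.log: List[dict] = []       # every request the client would make, sent or not

    def _request(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        req = {"method": method, "url": f"{API_URL}/{path}", "body": body}
        self.log.append(req)
        if self.mode == "dry-run":      # mock mode records intent and touches no account
            return {"dry_run": True, **req}
        return self.transport(method, req["url"], {"Authorization": f"Bearer {self.token}"}, body)

    def sync_plan(self, command: str) -> Optional[List[str]]:
        """Resource types to sync before this command, or None when no sync is needed."""
        if not self.config["sync_on_command"]:
            return None
        requested = self.config["resource_types"] or MINIMAL_RESOURCES.get(command, [])
        if "all" in requested and not self.confirm("read the entire Todoist account (resource_types=all)"):
            raise PermissionError("full-account sync not confirmed by user")
        return requested or None

    def run(self, command: str, **args) -> dict:
        if command in DESTRUCTIVE_COMMANDS and self.mode == "live" and not self.confirm(f"{command} {args}"):
            raise PermissionError(f"{command} not confirmed by user")
        resources = self.sync_plan(command)
        if resources:
            self._request("POST", "sync", {"sync_token": "*", "resource_types": resources})
        return self._request(*COMMAND_REQUESTS[command](args))
```

With these defaults a freshly constructed client is a genuine mock: it logs what it would do and sends nothing. Live mode has to be selected explicitly, every destructive call in live mode goes through the confirm hook, and a full-account sync needs both sync_on_command and an explicit confirmation.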