Back to skill

Security audit

Todoist Manager

Security checks across malware telemetry and agentic risk

Overview

This Todoist skill fits its stated purpose, but it needs review because it asks for a Todoist API token and documents live delete operations through a referenced CLI helper that is not included for inspection.

Install only if you can inspect or otherwise trust the actual todoist CLI executable that will receive your API token. Treat the Todoist token like a password, prefer a temporary environment variable or secret manager, verify IDs before any mutation, and require explicit confirmation before delete commands; rotate the token if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents destructive commands like completing, reopening, and especially deleting tasks without any warning about irreversible effects or guidance to confirm user intent first. In an agent setting, this increases the risk of accidental data loss if the model executes a destructive command from an ambiguous or misinterpreted user request.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation lists delete commands for projects, sections, labels, and comments without user-facing warnings about scope or data loss. Because these objects can organize or contain user workflow data, an agent following this skill could perform broad destructive actions without adequate safeguards or explicit consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.