ClawHub

Todoist Manager

Security checks across malware telemetry and agentic risk

Overview

The skill’s Todoist purpose is coherent, but it asks users to use a sensitive Todoist token with a CLI helper that was referenced but not included for review.

Install only if you can inspect or otherwise trust the exact todoist CLI executable that will receive your API token. Use a temporary environment variable or secret manager, avoid shared terminals, and confirm the target ID/name before any update or delete command. Revoke or rotate the Todoist token if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to export a long-lived Todoist API token into an environment variable but provides no warning about treating the token as sensitive, avoiding shell history leakage, or limiting exposure in shared environments. If mishandled, the token could allow unauthorized access to the user's Todoist account and remote data operations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents destructive task operations such as complete, reopen, and delete without any caution that these commands change remote state and may permanently remove data. In an agent-driven context, lack of explicit warnings increases the chance of accidental execution against a real account, causing unintended task loss or workflow disruption.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes delete operations for projects, sections, labels, and comments without warning that these actions affect live remote data and may not be recoverable. Because these objects organize user workflows, accidental deletion can have broader impact than a single task and may cause substantial disruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal