topydo

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used without care, the assistant could remove or alter tasks in the user’s todo.txt file.

Why it was flagged

The skill documents commands that can delete or bulk-modify todo.txt entries. This is expected for a task manager, but users should review before running destructive commands.

Skill content
Delete by ID:
```bash
topydo del 1
```

Delete multiple:
```bash
topydo del 1 2 3
```

Delete by expression:
```bash
topydo del -e completed:today
```

Recommendation

Confirm the intended task IDs or filters before running delete, edit, archive, sort, or bulk completion commands.

What this means

Installing external packages adds normal dependency and provenance risk, especially when versions are not pinned.

Why it was flagged

The skill instructs users to install an external CLI package, including optional extras. This is central to the stated purpose, but the registry has no install spec and the package versions are not pinned.

Skill content

```bash
pip3 install topydo
```

...

```bash
pip3 install 'topydo[columns,prompt,ical]'
```

...

```bash
sudo apt install python3-pip && pip3 install topydo
```

Recommendation

Install topydo from trusted package repositories and consider pinning or verifying the package version before use.