topydo
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: topydo Version: 1.0.5 The OpenClaw AgentSkills skill bundle for 'topydo' is benign. The `SKILL.md` file provides clear, descriptive instructions for installing and using the `topydo` CLI tool for managing todo.txt tasks. All commands demonstrated are standard interactions with the `topydo` utility or common package managers for installation (brew, pip, apt). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent. The content is entirely aligned with the stated purpose of a task management tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used without care, the assistant could remove or alter tasks in the user’s todo.txt file.
The skill documents commands that can delete or bulk-modify todo.txt entries. This is expected for a task manager, but users should review before running destructive commands.
Delete by ID: ```bash topydo del 1 ``` Delete multiple: ```bash topydo del 1 2 3 ``` Delete by expression: ```bash topydo del -e completed:today ```
Confirm the intended task IDs or filters before running delete, edit, archive, sort, or bulk completion commands.
Installing external packages adds normal dependency and provenance risk, especially when versions are not pinned.
The skill instructs users to install an external CLI package, including optional extras. This is central to the stated purpose, but the registry has no install spec and the package versions are not pinned.
pip3 install topydo ... pip3 install 'topydo[columns,prompt,ical]' ... sudo apt install python3-pip && pip3 install topydo
Install topydo from trusted package repositories and consider pinning or verifying the package version before use.