Todozi - Your Ai Task Manager
Status: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: todozi
Version: 1.0.0

The skill bundle is classified as suspicious because of its webhook creation functionality (the `create_webhook` and `register` methods in `scripts/todozi.py`, documented in `SKILL.md` and `references/api_reference.md`). These methods let the skill deliver webhook events, which can include sensitive item details or a newly registered API key, to an arbitrary, user-defined URL. The capability is a legitimate API feature, but it is a significant data exfiltration path if the AI agent is compromised through prompt injection: an injected instruction could point a webhook at an attacker-controlled endpoint. The `register` method also returns a `private_key`, which could be exfiltrated the same way.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent or user using these methods could complete, modify, or delete multiple tasks or notes in the Todozi account.
The skill explicitly exposes bulk mutation and deletion operations for Todozi items. This is purpose-aligned for a task manager, but it can change or remove account data if invoked.
```python
await client.bulk_update([...])
await client.bulk_complete(["id1", "id2"])
await client.bulk_delete(["id1", "id2"])
```
Use bulk operations only with explicit user intent, review item IDs before destructive actions, and avoid giving agents open-ended instructions to clean up or delete tasks.
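One way to enforce that recommendation in code, as an added example that is not part of the todozi skill or of the ClawScan report: a gate placed between the agent and the client's `bulk_*` methods, so a destructive call only reaches the API when every requested ID is a real item in the account and has been explicitly confirmed by the user. The client interface it assumes (an async `list_items()` returning dicts with an `"id"` key, and `bulk_delete(ids)` as in the finding) and the `FakeClient` used to exercise it offline are hypothetical.

```python
"""Added example, not code from the todozi skill or from ClawScan: a gate
between an agent and the client's bulk_* methods so a destructive call only
goes through with an explicit, per-ID confirmation from the user.

Assumed (hypothetical) interface: the client exposes async list_items()
returning dicts with an "id" key, and async bulk_delete(ids), matching the
bulk_delete call shown in the finding. The confirmed-ID list is supplied by
the user out of band, never by the agent itself.
"""
from __future__ import annotations

import asyncio
from dataclasses import dataclass, field

# Selectors an agent might pass when given an open-ended "clean up" instruction.
OPEN_ENDED = {"*", "all", "everything", "old", "done", "completed"}
MAX_BATCH = 25  # refuse unusually large batches outright


@dataclass
class BulkPlan:
    allowed: list[str] = field(default_factory=list)
    rejected: dict[str, str] = field(default_factory=dict)  # id -> reason

    @property
    def ok(self) -> bool:
        # All-or-nothing: one bad ID blocks the whole batch, so a mixed
        # request cannot quietly delete the "good" half.
        return bool(self.allowed) and not self.rejected


def plan_bulk_delete(requested_ids, confirmed_ids, known_ids, limit=MAX_BATCH) -> BulkPlan:
    """Decide which of the requested IDs may be deleted, and why the rest may not."""
    plan = BulkPlan()
    req = list(dict.fromkeys(requested_ids))  # de-duplicate, keep order
    if not req:
        plan.rejected["<empty>"] = "no item IDs supplied"
        return plan
    if len(req) > limit:
        plan.rejected["<batch>"] = f"{len(req)} IDs exceeds limit of {limit}"
        return plan
    confirmed, known = set(confirmed_ids), set(known_ids)
    for item_id in req:
        if not isinstance(item_id, str) or item_id.strip().lower() in OPEN_ENDED:
            plan.rejected[str(item_id)] = "open-ended selector, not an item ID"
        elif item_id not in known:
            plan.rejected[item_id] = "not an item in this account"
        elif item_id not in confirmed:
            plan.rejected[item_id] = "not explicitly confirmed by the user"
        else:
            plan.allowed.append(item_id)
    return plan


async def guarded_bulk_delete(client, requested_ids, confirmed_ids):
    """Only reaches client.bulk_delete when every requested ID passes the gate."""
    known = [item["id"] for item in await client.list_items()]
    plan = plan_bulk_delete(requested_ids, confirmed_ids, known)
    if not plan.ok:
        raise PermissionError(f"bulk_delete refused: {plan.rejected}")
    return await client.bulk_delete(plan.allowed)


def run_guarded_delete(client, requested_ids, confirmed_ids):
    """Synchronous convenience wrapper around guarded_bulk_delete."""
    return asyncio.run(guarded_bulk_delete(client, requested_ids, confirmed_ids))


class FakeClient:
    """Hypothetical stand-in for the skill's client, used only to exercise the gate offline."""

    def __init__(self):
        self.items = [{"id": "id1"}, {"id": "id2"}, {"id": "id3"}]  # constructed sample data
        self.deleted: list[str] = []

    async def list_items(self):
        return list(self.items)

    async def bulk_delete(self, ids):
        self.deleted.extend(ids)
        return {"deleted": len(ids)}


if __name__ == "__main__":
    fake = FakeClient()
    print(run_guarded_delete(fake, ["id1", "id2"], ["id1", "id2"]))
    try:
        run_guarded_delete(fake, ["all"], [])
    except PermissionError as e:
        print(e)
```

The gate is deliberately all-or-nothing: an agent that mixes one unconfirmed or unknown ID into an otherwise valid batch gets the whole call refused, which is the behaviour you want when the instruction that produced the list may have been injected.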
Whoever can use the configured API key may be able to access and mutate Todozi account data through the exposed client methods.
The client reads an API key and sends it in the x-api-key header to the configured Todozi API base URL. This is expected for the integration, but it is account-level credential handling.
```python
# Fragment of the client constructor in scripts/todozi.py
self.api_key = api_key or os.getenv("TODOZI_API_KEY")
self.base_url = base_url or os.getenv("TODOZI_BASE", self.BASE_URL)
self.headers = {
    "x-api-key": self.api_key or "",
}
```
Use a Todozi API key scoped to the intended account, keep it out of shared logs and prompts, and only override TODOZI_BASE with a trusted endpoint.
Task, goal, note, or matrix event details may be sent to the configured webhook destination until the webhook is deleted or changed.
The API supports persistent webhooks to arbitrary URLs, including a wildcard for all events. This is documented and purpose-aligned, but it can forward task and matrix event data outside Todozi.
```
PUT /api/webhook/:id
...
{
  "url": "https://newurl.com",
  "events": ["*"]   // all events
}
```
Configure webhooks only to trusted URLs, limit events where possible instead of using `*`, and remove webhook subscriptions that are no longer needed.
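The two "trusted endpoint" recommendations above (only override TODOZI_BASE with a trusted endpoint; only point webhooks at trusted URLs with a narrow event list) reduce to the same check on a URL, so here is one added example covering both. It is not code from the todozi skill or from ClawScan: the default base URL, the allowlisted hosts and the event limit are placeholders an operator would replace, and the subscription shape (a URL plus a list of event names, `*` meaning all) follows the API excerpt above.

```python
"""Added example, not code from the todozi skill or from ClawScan: the checks
an operator can put in front of the client so that the x-api-key only goes to
a trusted Todozi base URL and webhook events only go to approved hosts with a
narrow event list.

Assumptions (hypothetical, not taken from the skill): the default base URL and
both allowlists below are placeholders; a webhook subscription is a URL plus a
list of event names, with "*" meaning all events.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

DEFAULT_BASE = "https://api.todozi.example"         # placeholder default
TRUSTED_API_HOSTS = {"api.todozi.example"}          # hosts that may receive the API key
TRUSTED_WEBHOOK_HOSTS = {"hooks.internal.example"}  # hosts that may receive events
MAX_EVENTS = 5


def url_problem(url: str, allowed_hosts: set[str]) -> str | None:
    """Return why `url` is unacceptable, or None if it is an allowlisted https URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "scheme must be https"
    host = parts.hostname or ""
    if not host:
        return "no host in URL"
    if parts.username or parts.password:
        return "credentials embedded in URL"
    try:
        ipaddress.ip_address(host)
        return "literal IP addresses are not allowed"
    except ValueError:
        pass  # a hostname, as expected
    if host not in allowed_hosts:
        return f"host {host!r} is not in the allowlist"
    return None


def base_url_problem(env_base: str | None) -> str | None:
    """Vet a TODOZI_BASE override; an unset value falls back to the default."""
    return None if env_base is None else url_problem(env_base, TRUSTED_API_HOSTS)


def resolve_base_url(env_base: str | None) -> str:
    """The base URL the client may use; refuses to send the key anywhere else."""
    problem = base_url_problem(env_base)
    if problem:
        raise ValueError(f"refusing TODOZI_BASE override: {problem}")
    return (env_base or DEFAULT_BASE).rstrip("/")


def webhook_problems(url: str, events: list[str]) -> list[str]:
    """All reasons a subscription should not be created; an empty list means OK."""
    problems = []
    reason = url_problem(url, TRUSTED_WEBHOOK_HOSTS)
    if reason:
        problems.append(f"url: {reason}")
    if not events:
        problems.append("events: list the specific events needed")
    if "*" in events:
        problems.append("events: wildcard '*' forwards every event; name them explicitly")
    if len(events) > MAX_EVENTS:
        problems.append(f"events: more than {MAX_EVENTS} events, narrow the subscription")
    return problems


def redact_headers(headers: dict[str, str]) -> dict[str, str]:
    """Copy of the request headers that is safe to log or show to the agent."""
    return {k: ("<redacted>" if k.lower() == "x-api-key" and v else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    print(resolve_base_url(None))
    print(webhook_problems("https://newurl.com", ["*"]))
    print(redact_headers({"x-api-key": "secret", "accept": "application/json"}))
```

`resolve_base_url` is the drop-in for the `os.getenv("TODOZI_BASE", ...)` line in the constructor excerpt, and `webhook_problems` is the check to run before `create_webhook` or a `PUT /api/webhook/:id`; `redact_headers` is what should be logged instead of `self.headers`.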
