Security audit
Todoist CLI
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Todoist helper that can read and change Todoist tasks only when used with the Todoist CLI and token.
Install only if you trust the external Todoist CLI source. Treat TODOIST_API_TOKEN as a secret, verify task IDs before destructive actions like delete or move, and revoke the token in Todoist settings if you stop using the skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
39/39 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
