Back to skill

Security audit

Todoist CLI

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Todoist helper that can read and change Todoist tasks only when used with the Todoist CLI and token.

Install only if you trust the external Todoist CLI source. Treat TODOIST_API_TOKEN as a secret, verify task IDs before destructive actions like delete or move, and revoke the token in Todoist settings if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

39/39 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.