Todoist CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Todoist CLI helper that needs a Todoist token and can change Todoist tasks when the user asks it to.
Install only if you trust the external Todoist CLI source. Treat TODOIST_API_TOKEN as a secret, avoid placing it in shared logs or prompts, verify task IDs before destructive actions like delete or move, and revoke the token from Todoist settings if you stop using the skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
39/39 vendors flagged this skill as clean.