Todoist

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: todoist-api
Version: 1.0.4

The skill provides a legitimate integration for the Todoist API via a managed OAuth proxy service (api.maton.ai). It contains standard API documentation and Python code snippets for managing tasks, projects, and connections, and it explicitly instructs the AI agent to seek user approval for all write operations in SKILL.md.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent using the configured key can access the connected Todoist resources allowed by the OAuth connection.

Why it was flagged

The skill relies on a Maton API key and a managed OAuth connection to access the user's Todoist account. This is expected for the integration, but it grants delegated account access.

Skill content

Maton proxies requests to `api.todoist.com/api/v1` and automatically injects your OAuth token. ... Authorization: Bearer $MATON_API_KEY

Recommendation

Only install if you trust the Maton service, keep MATON_API_KEY private, and verify the intended Todoist connection when multiple accounts are available.

What this means

If misused, the skill could alter or delete Todoist tasks, projects, labels, sections, or comments.

Why it was flagged

The skill exposes Todoist write and delete actions, but it also provides a clear approval requirement that keeps those actions user-controlled.

Skill content

**All write operations require explicit user approval.** Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.

Recommendation

Review each proposed write action carefully and confirm the exact resource and outcome before allowing it.

What this means

It may be harder to independently verify the publisher and service relationship before trusting the OAuth proxy and API key flow.

Why it was flagged

The package metadata does not provide a source repository or homepage, which limits provenance verification even though the skill itself is instruction-only.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the Maton service and publisher through trusted channels before connecting a Todoist account.