tududi
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is a coherent tududi task-manager integration, but it uses an API token and can create, update, and delete task data.
This skill appears safe for its stated purpose if you want an agent to manage your tududi tasks. Before installing, make sure the configured TUDUDI_URL points to the correct tududi instance, protect the TUDUDI_API_TOKEN, and be cautious with delete or update requests because they can change your task data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill should know the agent can act through the configured tududi API token.
The skill requires a bearer token for the user's tududi instance. This is expected for the integration, but it gives the agent delegated access to the user's task-management account.
`TUDUDI_API_TOKEN` - API token from tududi Settings → API Tokens
Use a token intended for automation if tududi supports it, store it securely in the skill environment, and revoke it if the skill is no longer needed.
The agent could create, update, archive, or delete tasks and inbox items in the configured tududi instance.
The skill documents direct API calls, including deletion of tasks and inbox items. These operations are aligned with task management, but they can permanently change user data if invoked incorrectly.
curl -s -X DELETE $TUDUDI_URL/api/v1/task/{uid} \
-H "Authorization: Bearer $TUDUDI_API_TOKEN"Review requested task changes before allowing delete or bulk-update actions, and keep backups or recovery options for important task data.
A user may not realize from the registry metadata alone that setup requires a tududi URL and API token.
The registry metadata does not declare the environment variables and API token that SKILL.md says are needed. This is a metadata completeness issue rather than evidence of hidden behavior.
Required env vars: none; Primary credential: none
Confirm the skill configuration includes only the intended TUDUDI_URL and TUDUDI_API_TOKEN for the tududi instance you want the agent to manage.