ClawHub

Todoist v1 API Reference

v1.0.0

Manage Todoist tasks — list, create, complete, update, and organize tasks and projects.

0· 543·0 current·0 all-time
byChris Gradone@fluidiguana
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the SKILL.md instructions (cURL examples against https://api.todoist.com/api/v1/). The operations listed are consistent with a Todoist API helper. However, the registry metadata declares no primary credential while the instructions explicitly require TODOIST_TOKEN, which is a mismatch.
Instruction Scope
SKILL.md is instruction-only and limits actions to HTTP calls (curl) to api.todoist.com and formatting JSON locally. It instructs the agent to read an environment variable TODOIST_TOKEN and to set it in shell/OpenClaw config. It does not instruct reading unrelated files or other environment variables, nor sending data to endpoints outside Todoist.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. No downloads, packages, or binary installs are requested.
!
Credentials
SKILL.md requires a personal API token in TODOIST_TOKEN, which is appropriate for this purpose, but the skill's declared requirements list no env vars or primary credential. That registry omission is an incoherence: the skill will expect a secret at runtime but doesn't advertise it. The token is sensitive (personal API token) so the discrepancy merits attention.
Persistence & Privilege
always:false and default agent invocation rules apply. The skill does not request persistent installation or elevated privileges, nor does it modify other skills or system-wide configs in the instructions (it only suggests setting an env var in shell/OpenClaw config).
What to consider before installing
This skill appears to be a straightforward Todoist API reference, but before installing: 1) note the SKILL.md expects a TODOIST_TOKEN environment variable while the registry metadata doesn't list any required credentials—ask the publisher to fix that mismatch or confirm how the token should be supplied; 2) only provide a minimal-scope Todoist API token (create a dedicated integration token or a throwaway/test account token), never paste your full-account password or master token; 3) be aware the skill will make outbound HTTPS calls to api.todoist.com using your token, so only install if you trust the skill source; 4) if you want tighter control, test calls manually with curl first, or run the skill in a sandboxed environment and revoke or rotate the token after testing. If the publisher cannot explain the missing credential declaration, treat the skill cautiously.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eh560bgh80pjzd85vghwjq981g0yb
543downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Chris Gradone@fluidiguana
latest
Download

Todoist

API v1 at https://api.todoist.com/api/v1/. Auth via Bearer token.

Auth

Token stored in env var TODOIST_TOKEN. Set it in your shell or OpenClaw config:

export TODOIST_TOKEN=your-token-here

Get your token from: https://app.todoist.com/app/settings/integrations/developer

Common Operations

List tasks

curl -s "https://api.todoist.com/api/v1/tasks" \
  -H "Authorization: Bearer $TODOIST_TOKEN" | python3 -m json.tool

Filter by project:

curl -s "https://api.todoist.com/api/v1/tasks?project_id=PROJECT_ID" \
  -H "Authorization: Bearer $TODOIST_TOKEN"

Get a single task

curl -s "https://api.todoist.com/api/v1/tasks/TASK_ID" \
  -H "Authorization: Bearer $TODOIST_TOKEN"

Create a task

curl -s -X POST "https://api.todoist.com/api/v1/tasks" \
  -H "Authorization: Bearer $TODOIST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"content": "Task name", "project_id": "PROJECT_ID", "due_string": "tomorrow", "priority": 1}'

Priority: 1 (normal) to 4 (urgent). due_string supports natural language ("tomorrow", "every monday", "Feb 20").

Complete a task

curl -s -X POST "https://api.todoist.com/api/v1/tasks/TASK_ID/close" \
  -H "Authorization: Bearer $TODOIST_TOKEN"

Update a task

curl -s -X POST "https://api.todoist.com/api/v1/tasks/TASK_ID" \
  -H "Authorization: Bearer $TODOIST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"content": "Updated name", "due_string": "next friday"}'

Delete a task

curl -s -X DELETE "https://api.todoist.com/api/v1/tasks/TASK_ID" \
  -H "Authorization: Bearer $TODOIST_TOKEN"

List projects

curl -s "https://api.todoist.com/api/v1/projects" \
  -H "Authorization: Bearer $TODOIST_TOKEN"

Create a project

curl -s -X POST "https://api.todoist.com/api/v1/projects" \
  -H "Authorization: Bearer $TODOIST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Project Name"}'

List sections

curl -s "https://api.todoist.com/api/v1/sections?project_id=PROJECT_ID" \
  -H "Authorization: Bearer $TODOIST_TOKEN"

Create a section

curl -s -X POST "https://api.todoist.com/api/v1/sections" \
  -H "Authorization: Bearer $TODOIST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"project_id": "PROJECT_ID", "name": "Section Name", "order": 0}'

Move task to section

curl -s -X POST "https://api.todoist.com/api/v1/tasks/TASK_ID" \
  -H "Authorization: Bearer $TODOIST_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"section_id": "SECTION_ID"}'

Notes

  • API v2 is deprecated (410 Gone). Use v1.
  • Token is a personal API token, not OAuth.
  • Use "List projects" and "List sections" to discover your project/section IDs.
  • Prefer completing tasks over deleting them.

Comments

Loading comments...