ClawHub

Todoist v1 API Reference

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Todoist API reference skill, but users should treat the Todoist token as sensitive and confirm destructive task changes.

Safe to install as a reference skill if you trust agents using your Todoist account. Set TODOIST_TOKEN only in trusted environments, rotate it if exposed, and require explicit confirmation before creating, updating, completing, or deleting Todoist data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest description says the skill manages tasks and projects but does not explicitly disclose that it can permanently delete tasks. This mismatch can mislead users or higher-level agents about the skill's destructive capabilities, increasing the risk of unintended data loss when the skill is invoked.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documents a DELETE request for tasks without any warning that the action is destructive or may be irreversible. In an agent setting, omission of such safeguards can lead to accidental task loss if a user request is ambiguous or the agent chooses deletion instead of safer alternatives like completion.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file instructs users to place a personal API token in an environment variable but does not warn that the token is sensitive and grants account access. Without handling guidance, users may expose the credential through shell history, logs, screenshots, shared configs, or subprocess environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal