Skill v1.0.1
ClawScan security
TODO Tracker (Safe) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 1:41 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: a local, shell-based todo tracker that only needs standard text tooling and a writable TODO file and does not perform networking or request unrelated secrets.
- Guidance
- This script is a local, file-based TODO manager and appears to perform only safe text-file operations. Before installing: ensure you are comfortable that the default path (~/.openclaw/workspace/TODO.md) is acceptable (or set TODO_FILE), create the containing directory with correct permissions so the script can initialize the file, and be aware that the agent may autonomously show the summary (heartbeat), which will read that file. If you want to be extra cautious, review the included scripts/todo.sh yourself — it contains the full implementation, and no network calls to external services were found.
Review Dimensions
- Purpose & Capability
- ok: Name/description (local TODO tracker) align with what is present: a bash script that reads/writes a TODO.md and uses bash/grep/awk/sed. No unrelated credentials, binaries, or network access are requested.
- Instruction Scope
- note: SKILL.md and the script limit actions to local file operations: listing, adding, marking done, and summarizing tasks. The README and SKILL.md claim no env vars except TODO_FILE, but the script also reads HOME to build a default path (normal for local tools). The skill states it may display a summary on heartbeat — that implies autonomous invocation may cause periodic reads of the TODO file, which is consistent with the stated behavior.
- Install Mechanism
- ok: No install spec; instruction-only with an included script. Nothing is downloaded or written by an installer, so there is no remote install risk.
- Credentials
- note: No required environment variables are declared. The script optionally respects TODO_FILE (reasonable). It also uses HOME implicitly to compute the default path — this is typical for a local file-based tool but is a minor mismatch with the SKILL.md phrasing that claimed 'no env var reading except TODO_FILE.'
- Persistence & Privilege
- ok: always:false and no modifications to other skills or global agent configs. The script writes only to the user-specified (or default) TODO file; it requires an existing writable directory to create the file and will error otherwise.
