Back to skill

Security audit

Todoist Natural Language

Security checks across malware telemetry and agentic risk

Overview

This Todoist skill is coherent and Todoist-focused, but it can change real tasks in your account when given your API token.

Install this only if you want OpenClaw to access and modify your Todoist account. Prefer the user-level install, keep TODOIST_API_KEY private, set TZ if date filtering matters, and require explicit confirmation before completing, updating, or deleting tasks from natural-language requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires access to a sensitive environment variable and makes network-backed Todoist API calls, but it does not declare permissions or capability expectations in a machine-enforceable way beyond the credential block. This can weaken security review and user awareness, increasing the risk of over-privileged execution or unintended external data access.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The README instructs users to complete Todoist tasks but does not clearly warn that this performs a real state-changing action against the user's remote Todoist account. In an agent/CLI context, users may assume they are only querying or previewing data, which increases the risk of accidental completion of tasks without an easy undo path in the documented workflow.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation language is broad enough to match generic references to tasks, due dates, or project management, not just clear Todoist-specific intent. That can cause the skill to trigger unexpectedly and perform reads or state-changing actions against a user's Todoist account when the user did not explicitly intend to use this integration.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation presents examples for adding and completing tasks but does not clearly warn that the skill can modify live Todoist data. Without an explicit warning and confirmation expectations, users may treat the skill as informational and unintentionally create, alter, or complete tasks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.