ClawHub

Todoist Natural Language

Security checks across malware telemetry and agentic risk

Overview

This Todoist skill is purpose-aligned, but it can use your Todoist token to create, update, complete, and delete tasks, so install it only if you want that access.

Install this only in an environment where you are comfortable giving OpenClaw access to your Todoist account. Prefer the no-sudo user install, keep TODOIST_API_KEY private, set TZ if date filtering matters, and require confirmation before completing, updating, or deleting tasks from ambiguous natural-language requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires a sensitive API token and performs networked actions against Todoist, but the manifest does not declare any explicit permissions or capability boundaries. This weakens platform-level policy enforcement and review visibility, increasing the chance that a broadly triggered skill can access credentials and make remote changes without clear user or system guardrails.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description includes broad triggers such as generic mentions of tasks, due dates, or project management, which can activate the skill for conversations not clearly intended for Todoist. In context, this is risky because the skill supports state-changing operations like creating and completing tasks, so accidental routing could modify a user's Todoist data based on ambiguous requests.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation presents add and complete operations as routine examples without warning that they change remote account data. This increases the likelihood of users or calling agents invoking destructive or persistent actions without informed consent, especially when combined with natural-language triggering.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document describes authenticated and destructive API capabilities, including create, update, complete, reopen, and delete operations, but gives no warning that these actions can modify or remove real user data or that bearer tokens are highly sensitive credentials. In an agent skill context, this omission increases the chance an LLM-driven integration will invoke state-changing endpoints without clear confirmation, least-privilege handling, or user awareness.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes irreversible task deletion through a single command path with no confirmation, safeguard, or soft-delete behavior. In an agent setting, ambiguous user requests, prompt misinterpretation, or malicious prompt injection in surrounding context could cause permanent loss of user data.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
Hard-coding America/Chicago as a fallback timezone can cause the skill to misclassify which tasks are due 'today' for users in other regions. While not a direct compromise of confidentiality or code execution, it can lead to incorrect task filtering and unintended actions based on wrong date interpretation.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### Delete Task
```
DELETE /tasks/{task_id}
```

## Projects
Confidence
91% confidence
Finding
DELETE /tasks/{task_id}

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### Delete Project
```
DELETE /projects/{project_id}
```

## Sections
Confidence
93% confidence
Finding
DELETE /projects/{project_id}

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal