Todoist Natural Language
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill’s Todoist access is coherent with its purpose, but it requires a Todoist API token and can modify tasks, so users should review those permissions before installing.
Install this if you want OpenClaw to read and manage your Todoist tasks. Before use, set the Todoist API token only in a trusted environment, prefer the no-sudo user install path, and confirm destructive task changes such as completion or deletion.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act on the Todoist account associated with the provided token.
The skill requires a sensitive Todoist API token, which is expected for this integration but grants access to the user's Todoist account.
credentials:\n - name: TODOIST_API_KEY\n description: Todoist API token ...\n required: true\n sensitive: true
Only provide the token if you want OpenClaw to manage Todoist, keep the token private, and revoke it from Todoist settings if you stop using the skill.
A mistaken or overly broad command could change or permanently delete Todoist tasks.
The included script supports permanent task deletion, in addition to task creation, completion, and updates. This is related to task management but is a destructive account action.
def delete_task(task_id):\n """Delete a task permanently."""\n make_request(f"/tasks/{task_id}", method="DELETE")Confirm task IDs or matched task names before destructive actions, especially completion, update, or delete operations.
The skill may be invoked in conversations that mention tasks but are not intended to interact with Todoist.
The trigger language is broader than explicit Todoist requests, which could cause the agent to consider this skill during general task or project discussions.
Use when the user wants to manage Todoist tasks ... or any mention of Todoist, tasks, due dates, or project management.
Use the skill for explicit Todoist requests and ask for confirmation before making account changes from ambiguous task-related prompts.
Using sudo installs the skill into a system-wide OpenClaw location and may be unnecessary for normal use.
The README suggests a privileged global install path, while the included skill.json says a user install requires no sudo.
sudo cp todoist.skill /usr/lib/node_modules/openclaw/skills/\n# Or unzip manually\nsudo unzip todoist.skill -d /usr/lib/node_modules/openclaw/skills/
Prefer the no-sudo user install path from skill.json unless you intentionally need a system-wide installation.