Todoist Natural Language

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: todoist-natural-language
Version: 1.0.8

The OpenClaw Todoist skill bundle is benign. The `scripts/todoist.py` script correctly uses the `TODOIST_API_KEY` environment variable for authentication and communicates exclusively with official Todoist API endpoints (`api.todoist.com`). User inputs are handled as data payloads or URL parameters, preventing shell injection or other command execution vulnerabilities. Neither `SKILL.md` nor `README.md` contains any prompt injection attempts or instructions for the AI agent to perform actions outside the stated purpose of Todoist task management. The installation instructions, while mentioning `sudo` for system-wide installation in `README.md`, are standard for such deployments and do not indicate malicious intent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can act on the Todoist account associated with the provided token.

Why it was flagged

The skill requires a sensitive Todoist API token, which is expected for this integration but grants access to the user's Todoist account.

Skill content

credentials:
  - name: TODOIST_API_KEY
    description: Todoist API token ...
    required: true
    sensitive: true

Recommendation

Only provide the token if you want OpenClaw to manage Todoist, keep the token private, and revoke it from Todoist settings if you stop using the skill.

What this means

A mistaken or overly broad command could change or permanently delete Todoist tasks.

Why it was flagged

The included script supports permanent task deletion, in addition to task creation, completion, and updates. This is related to task management but is a destructive account action.

Skill content

def delete_task(task_id):
    """Delete a task permanently."""
    make_request(f"/tasks/{task_id}", method="DELETE")

Recommendation

Confirm task IDs or matched task names before destructive actions, especially completion, update, or delete operations.

What this means

The skill may be invoked in conversations that mention tasks but are not intended to interact with Todoist.

Why it was flagged

The trigger language is broader than explicit Todoist requests, which could cause the agent to consider this skill during general task or project discussions.

Skill content
Use when the user wants to manage Todoist tasks ... or any mention of Todoist, tasks, due dates, or project management.
Recommendation

Use the skill for explicit Todoist requests and ask for confirmation before making account changes from ambiguous task-related prompts.

What this means

Using sudo installs the skill into a system-wide OpenClaw location and may be unnecessary for normal use.

Why it was flagged

The README suggests a privileged global install path, while the included skill.json says a user install requires no sudo.

Skill content

sudo cp todoist.skill /usr/lib/node_modules/openclaw/skills/
# Or unzip manually
sudo unzip todoist.skill -d /usr/lib/node_modules/openclaw/skills/

Recommendation

Prefer the no-sudo user install path from skill.json unless you intentionally need a system-wide installation.