Telegram Todo List
v1.0.1Manage your TODO.md todo list via Telegram with commands to query, organize (add/edit/delete/move), and execute (complete) tasks.
⭐ 0· 849·2 current·2 all-time
byBugIt@hengbo12345
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and SKILL.md describe a Telegram bot with /todo commands, but the included Python script has no network/Telegram API code, no webhook/long-polling, and requests no Telegram credentials. The script only reads/writes a local TODO.md in the agent workspace, so the 'Telegram' aspect is missing or misleading.
Instruction Scope
SKILL.md instructs the agent to support query/organize/execute semantics (including timestamp updates, moving tasks between sections, and accurate numbering). The implementation reads/writes TODO.md and formats output, but many behaviors described are not implemented or are implemented incorrectly (e.g., timestamp updates on completion are not added, task-number → line mapping logic is flawed, delete_task logic is incorrect). Instructions do not direct reading of unrelated files or external endpoints, but they claim capabilities the code does not provide.
Install Mechanism
No install spec — instruction-only + a single script. Nothing is downloaded or written by an installer. This is the lowest install risk.
Credentials
No environment variables or credentials are requested (appropriate for a local file-based todo manager). The script uses a hardcoded workspace path (/root/.openclaw/workspace/TODO.md) which matches SKILL.md; this grants access only to the agent workspace but should be noted (it will create/overwrite that file).
Persistence & Privilege
The skill is not marked always:true and does not request elevated privileges or modify other skills. It writes a TODO.md template into the workspace on missing-file errors — expected for this purpose.
What to consider before installing
This skill is internally inconsistent rather than obviously malicious: it claims to be a Telegram bot but contains only a local TODO.md manager and several buggy implementations (task numbering, delete, and timestamp handling). Before installing or enabling it for autonomous use, consider: 1) Do you need actual Telegram integration? If so, request or add secure Telegram API code and credentials handling. 2) Backup any existing /root/.openclaw/workspace/TODO.md — the skill will create/overwrite that file. 3) Review and test the script in a sandboxed environment (non-production workspace) to confirm behavior and fix bugs (marking complete, deleting, numbering, timestamps). 4) Ask the author to clarify purpose and provide a README or remove 'Telegram' from the name if it is only a helper library. Because of these mismatches and implementation issues, treat this skill cautiously and do not enable it with sensitive data or broad autonomous access until corrected.Like a lobster shell, security has layers — review code before you run it.
latest
BugIt@hengbo12345
DownloadTelegram Todo List
Manage a Todo List stored in TODO.md through Telegram bot commands.
Commands
1. 查询 (query)
Usage: /todo query
Description: Display current todo list with status
Behavior:
- Read TODO.md file
- Parse tasks (both completed [x] and pending [ ])
- Format and display in clean table/list
- Show statistics (total tasks, completed, pending)
Example Output:
📋 待办事项列表
今日任务 (2026-02-12)
- [ ] 学习并掌握 skill-creator 技能介绍
- 理解技能创建的核心原则
待办总数:6 项未完成
已完成:1 项
2. 整理 (organize)
Usage: /todo organize
Description: Update, optimize, or restructure the todo list
Behavior Options:
- Add new task: User specifies task content
- Delete task: User specifies task number to remove
- Move task: Change task priority/order
- Edit task: Modify task content or check/uncheck status
- Batch operations: Add multiple tasks at once
Input Format: ``/todo organize <action> <details>
**Actions**:
- `add`: Add new task(s)
- `delete`: Remove task by number
- `move`: Move task to different position
- `edit`: Modify task content
- `check`: Mark task as completed
- `uncheck`: Mark task as uncompleted
**Example**:
``/todo organize add 学习Markdown语法
/todo organize delete 3
/todo organize move 1 to top
3. 执行 (execute)
Description: Complete a specific task
Behavior:
- Mark task as completed [x]
- Update timestamp
- Remove from active list
- Move to completed section
- Show confirmation
Input Format: ``/todo execute <task_number>
**Example**:
``/todo execute 1
File Structure
Storage: TODO.md in workspace root
/root/.openclaw/workspace/TODO.md
File Format:
# TODO List
## 今日任务 (2026-02-12)
- [ ] **Task 1**
- Subtask 1
- Subtask 2
- [ ] **Task 2**
---
## 待完成任务
### Category
- [ ] **Task 3**
---
## 已完成任务
- [x] **Completed Task**
- 记录时间:2026-02-12 07:55 UTC
- 内容:Task description
Implementation Details
Parsing Tasks
Regular Expression:
- \[([ x])\]\s*\*\*(.+?)\*\*.*?$ # Main task
- (.+)$ # Subtasks
Status:
[x]= completed[ ]= pending
Display Format
Clean Table:
📋 待办事项
今日任务 (2026-02-12)
1. [ ] Task 1
2. [ ] Task 2
待办总数:2 项未完成
已完成:0 项
Error Handling
Task Not Found:
- "未找到任务 #N"
- Ask user to verify task number
Invalid Format:
- "格式错误,请使用正确的命令格式"
- Show usage example
File Read Error:
- "无法读取 TODO.md,请检查文件权限"
- Try to recreate default template
User Experience
Confirmation Messages:
- Task completed: "✅ 已完成任务 #N"
- Task deleted: "🗑️ 已删除任务 #N"
- Task added: "➕ 已添加任务"
Progress Indicators:
- Show real-time count updates
- Calculate completion percentage
- Highlight pending vs completed
Tips
- Task Numbers: Always reference task by number in organize/execute commands
- Indentation: Keep consistent spacing for subtasks
- Comments: Lines starting with
#are ignored - Status Updates: Execute updates both visual status and file content
Examples
User: /todo query
Bot shows full todo list
User: /todo organize add 学习CSS
Bot adds task and shows confirmation
User: /todo execute 2
Bot marks task #2 as completed and updates list
User: /todo organize delete 5
Bot removes task #5 from list
Comments
Loading comments...