Listonic
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent Listonic shopping-list integration, with disclosed but important access to your Listonic credentials and ability to change or delete list data.
Before installing, be sure you are comfortable storing Listonic credentials locally and letting the agent add, update, and delete shopping-list data. Prefer refresh-token configuration, keep the credentials file private, and require explicit confirmation for deletions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and configuring this skill gives it access to your Listonic shopping lists and the ability to act as your Listonic account for the supported operations.
The skill requires user-provided Listonic authentication material, including OAuth tokens or email/password, to access the user’s account.
Create `~/.openclaw/credentials/listonic/config.json` using **one** auth mode... `refreshToken`... Fallback: email/password mode
Prefer token-based auth over storing a password, protect the local credentials file, and revoke or rotate the token if you stop using the skill.
If invoked incorrectly, the agent could delete shopping-list items or whole lists from your Listonic account.
The skill exposes destructive Listonic operations, and the artifact appropriately instructs confirmation before deletion.
For destructive operations (`delete-item`, `delete-list`), **confirm with the user first**.
Confirm the exact list and item before deletion or rename operations, and avoid broad or ambiguous delete requests.
The skill may stop working or behave unexpectedly if Listonic changes its private API.
The skill clearly discloses that it depends on unofficial Listonic API behavior rather than a stable official integration.
This uses an **unofficial reverse-engineered API** and may break if Listonic changes it.
Use it only if you are comfortable with an unofficial integration, and re-check behavior after Listonic app or API changes.