Todo Manager
AdvisoryAudited by VirusTotal on Apr 17, 2026.
Overview
Type: OpenClaw Skill Name: xiaoming-todo-manager Version: 1.0.0 The skill bundle consists of metadata and documentation for a standard todo management tool. It lacks any executable code, network requests, or suspicious instructions, focusing entirely on task listing, prioritization, and reminders in SKILL.md and README.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user following the README would run the current latest ClawHub installer rather than a pinned version.
The installation example is user-directed and purpose-aligned, but `@latest` is mutable, so the exact installer code can change over time.
npx clawhub@latest install todo-manager
Install only from a trusted ClawHub/npm source, and prefer a pinned or official installer version if reproducibility is important.
The skill may appear to require a network-capable utility even though no reviewed instruction shows why it is needed.
The skill is otherwise instruction-only and the visible usage examples do not mention curl, so this dependency declaration is not explained by the provided artifacts.
"requires":{"bins":["curl"]}The publisher should remove the curl requirement if unused, or document exactly why it is needed.