Back to skill

Security audit

Todoist CLI Skill

Security checks across malware telemetry and agentic risk

Overview

This Todoist skill is transparent about what it does, but it gives an agent broad ability to change or delete Todoist data without built-in confirmation safeguards.

Install only if you want your agent to manage your Todoist account, including changing, completing, archiving, or deleting items. Before allowing destructive or broad changes, ask the agent to show the exact matched Todoist item first and require explicit confirmation. Treat the Todoist API token like an account credential and rotate it if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README prominently advertises capabilities to complete, update, delete, archive, and move Todoist objects without clearly warning users that the skill can make irreversible account changes. In an agent setting, this increases the chance that a user enables the skill without understanding it grants write/destructive actions, leading to unintended task or project modification or deletion.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description includes broad activation cues such as tasks, to-dos, reminders, and productivity, which are common everyday concepts and can cause the skill to trigger in contexts where the user did not explicitly intend to use Todoist. In a skill that can read, modify, complete, move, and delete account data, accidental activation increases the chance of unintended account actions and privacy exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs the agent on destructive and account-affecting operations like complete, update, move, archive, and delete without any warning, confirmation flow, or requirement to verify the target resource first. In this context, the skill interfaces directly with a live Todoist account, so ambiguous references like fuzzy-matched <ref> values can lead to irreversible or hard-to-recover changes if the wrong item is selected or the user did not clearly authorize mutation.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.