Todoist CLI Skill
Review
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a transparent Todoist management skill, but it lets your agent use your Todoist token to read, create, update, and delete Todoist items.
Install this only if you want your agent to manage Todoist on your behalf. Be especially careful with deletion, archive, completion, and shared-workspace actions, and protect the Todoist API token like an account credential.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill should expect the agent to access and act on their Todoist account according to the token's permissions.
The skill requires Todoist authentication so the agent can operate using the user's Todoist account authority.
    td auth token "your-token"
    # or
    export TODOIST_API_TOKEN="your-token"
Use a token only for the intended Todoist account, avoid sharing it, and revoke or rotate it if you stop using the skill.
A mistaken or overly broad agent action could change, complete, archive, or delete tasks or projects.
The documented Todoist CLI operations include modifying, completing, archiving, and deleting Todoist data.
    td task update <ref> --content "New title"
    td task delete <ref>
    ...
    td project archive <ref>
    td project delete <ref>
Give clear instructions and require confirmation for destructive or large changes, especially deletes, archives, and shared/work projects.
Installing the external CLI adds a local executable that the agent will use for Todoist operations.
The skill relies on a globally installed external npm package to provide the `td` command.
    npm install -g @doist/todoist-cli
Install the CLI from the official package/source, keep it updated, and verify you trust the npm package before use.
