clawdo - Todo List for Agents
Pass
Audited by ClawScan on May 1, 2026.
Overview
clawdo is a coherent task-queue skill, but it relies on an external npm CLI and supports persistent agent tasks that may be processed automatically when users enable auto modes.
Before installing, verify that the npm package is the intended clawdo project, keep auto and auto-notify for low-risk work, leave deployments or ambiguous changes as collab, and avoid storing secrets in task text.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may involve running code from the npm package, not just the ClawHub documentation package.
The reviewed skill package does not include the CLI implementation; using the skill requires trusting an external npm-distributed binary.
This minimal package (~7 KB) contains only documentation and license. The actual CLI tool is installed via `npm install -g clawdo`.
Install only from the expected npm/GitHub project, consider pinning versions, and review the npm package provenance before using it in important environments.
Task text can persist across conversations or scheduled runs, so sensitive data or poorly worded instructions could be reused later.
The skill stores task descriptions and state persistently so future agent runs can retrieve and act on them.
`add → inbox → start → done`. Persistent state in SQLite.
Avoid putting secrets in task descriptions, periodically review stale/proposed tasks, and treat persistent task entries as instructions that may affect future agent behavior.
If auto tasks are enabled, an agent may act later during heartbeats or cron runs rather than waiting for a live user prompt.
The documentation shows a scheduled heartbeat pattern where an agent can pick up and complete approved auto tasks outside an active conversation.
```bash
# In HEARTBEAT.md — runs every ~30 minutes
TASKS=$(clawdo inbox --format json)
...
clawdo start "$TASK" --json
# ... do the work ...
clawdo done "$TASK" --json
```
Keep risky or ambiguous tasks at the collab level, confirm agent proposals deliberately, and monitor the audit trail for automatic task processing.
