Todoist Litiao

Security checks across malware telemetry and agentic risk

Overview

This Todoist task skill is not malicious, but it needs review before use: its activation trigger is broad, and its delete instructions carry no guard, so an agent could change or remove tasks the user never meant to touch.

Install it only if you want an agent to read and manage your Todoist account. Before using it, require explicit user confirmation for every create, update, complete, or delete action, and for deletions confirm the resolved task ID (and the task it actually points to), not just the original request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium. Confidence: 89%.
The skill description is broad enough to match generic requests about tasks, reminders, or productivity, so the agent may invoke this skill in many everyday contexts where the user never intended to use Todoist. Because the skill can read and modify the user's Todoist data, over-broad activation raises the chance of unintended data access or task changes.

Missing User Warnings

Severity: Medium. Confidence: 93%.
The documentation includes a destructive deletion command (`todoist delete <id>`) but provides no warning, confirmation step, or safer workflow. In an agent setting this can lead to irreversible task loss whenever the wrong task ID is selected, a search returns more than one plausible task, or the user's request is misunderstood. Since the ID the agent passes to `delete` normally comes from an earlier search or listing step, an ambiguous match there flows straight into the deletion unless something in between refuses to guess.
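The confirmation-and-ID-check workflow recommended in the overview, as an added example for this finding (this is not code from the Todoist skill or its author): an agent-side guard that resolves the user's request to exactly one task, asks the user to confirm that specific ID and text, and only then builds the `todoist delete <id>` command. The in-memory task list, the sample IDs and the `confirm`/`runner` callables are constructed for illustration; the only CLI shape assumed is `todoist delete <id>` as quoted above, and the same gate would sit in front of create, update and complete.

```python
"""Agent-side guard for the destructive `todoist delete <id>` command.

Added example, not the Todoist skill's own code. Policy enforced here:
  1. resolve the target to exactly one task (ambiguity is an error, never a guess);
  2. show the user the concrete ID and text and require confirmation for that task;
  3. only then emit the command, and execute it only if a runner is supplied.
"""
from dataclasses import dataclass
from typing import Callable, Optional, Sequence


@dataclass(frozen=True)
class Task:
    id: str
    content: str


class GuardError(Exception):
    """Raised whenever the guard refuses to proceed."""


# Constructed sample data standing in for the output of a task listing.
SAMPLE_TASKS = [
    Task("7001", "Buy milk"),
    Task("7002", "Buy milk for the office"),
    Task("7003", "Renew passport"),
]


def resolve_task(tasks: Sequence[Task], query: str) -> Task:
    """Map a user-supplied ID or search phrase to exactly one task.

    An exact ID match wins. Otherwise a case-insensitive substring search is
    used, and anything other than exactly one hit is refused: deleting the
    wrong task is irreversible, so the guard never picks "the first result".
    """
    for task in tasks:
        if task.id == query:
            return task
    needle = query.casefold()
    hits = [t for t in tasks if needle in t.content.casefold()]
    if not hits:
        raise GuardError(f"no task matches {query!r}")
    if len(hits) > 1:
        listing = "; ".join(f"{t.id}: {t.content}" for t in hits)
        raise GuardError(f"{len(hits)} tasks match {query!r}, refusing to choose ({listing})")
    return hits[0]


def guarded_delete(
    tasks: Sequence[Task],
    query: str,
    confirm: Callable[[Task], bool],
    runner: Optional[Callable[[list[str]], int]] = None,
) -> list[str]:
    """Build, and optionally run, `todoist delete <id>` behind a confirmation.

    `confirm` receives the resolved Task, so the user approves the exact ID
    and content that will be deleted rather than the original phrasing of
    the request. `runner` is None by default, i.e. dry run: the command is
    returned but nothing is executed.
    """
    task = resolve_task(tasks, query)
    if not confirm(task):
        raise GuardError(f"deletion of {task.id} ({task.content!r}) was not confirmed")
    cmd = ["todoist", "delete", task.id]
    if runner is not None:
        rc = runner(cmd)
        if rc != 0:
            raise GuardError(f"{' '.join(cmd)} exited with status {rc}")
    return cmd


if __name__ == "__main__":
    # Dry-run walkthrough of the three outcomes on the constructed data.
    always_yes = lambda t: True
    print(guarded_delete(SAMPLE_TASKS, "7003", always_yes))          # unique ID, confirmed
    for query, confirm in (("milk", always_yes), ("passport", lambda t: False)):
        try:
            guarded_delete(SAMPLE_TASKS, query, confirm)
        except GuardError as err:
            print("refused:", err)                                    # ambiguous / unconfirmed
```

The important design choice is that `confirm` sees the resolved `Task`, not the user's words: an agent that misread "delete the milk task" has to show "7001: Buy milk" back to the user before anything happens, and a two-way ambiguity is refused outright instead of being resolved by position in the search results.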

VirusTotal

All 66 VirusTotal vendors reported this skill as clean (0/66 detections). Note that this covers the packaged files against known-malware signatures only; it says nothing about the prompt-level issues above, which a file scanner cannot see.