v0.1.0

Todo Accelerator

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:54 AM.

Analysis

This is a coherent to-do tool, but it asks the agent to keep working tasks automatically on heartbeats, can delegate work to other agents, and has a setup path that may overwrite a chosen board file.

Guidance: Review before installing. Use a new empty board file and back up any existing notes, restrict the board and notes folder to trusted writers, disable subagent delegation unless you explicitly want it, and only enable heartbeat if you want the agent to keep picking up tasks automatically between user requests.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/todo.py
if board.exists() and _board_has_headings(board): ... sys.exit(1) ... board.write_text(board_template.read_text(encoding="utf-8"), encoding="utf-8")

Initialization only blocks an existing board file when it contains markdown ## headings, then overwrites the board path with the template. A non-empty file without such headings could be overwritten.

User impact: Choosing the wrong board file during setup could replace existing local content without a full non-empty-file check.
Recommendation: Use a new empty board file, make a backup before initialization, and update the script to refuse any existing file with non-whitespace content unless the user explicitly confirms overwrite.

Rogue Agents
Severity: Medium, Confidence: High, Status: Concern
initialization.md
Verify heartbeat is enabled in the OpenClaw agent configuration. If it is not enabled, enable it ... Add the following instruction to HEARTBEAT.md ... Call `work-on-todo` ... to pick up a pending to-do. Follow the returned prompt

The setup creates persistent heartbeat behavior that can keep invoking the skill and working tasks beyond a single user request.

User impact: After setup, the agent may continue picking up and acting on pending tasks during heartbeat events without asking each time.
Recommendation: Enable heartbeat only if you want ongoing autonomous task work, keep the board limited to trusted tasks, and remove or disable the HEARTBEAT.md instruction when automatic processing is no longer desired.

Agent Goal Hijack
Severity: Low, Confidence: High, Status: Note
references/processing-work-on-todo.md
After running `work-on-todo`, the script returns a structured prompt. Follow these instructions ... Work on the unresolved issues

The skill intentionally turns task-note content into instructions for the agent to follow; this is central to the design but means note contents guide agent goals.

User impact: Anyone or anything that can edit the to-do board or companion notes could influence what the agent works on next.
Recommendation: Treat the board and notes as trusted control inputs, restrict write access, and consider requiring user confirmation before processing tasks from shared or externally edited notes.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
initialization.md
Python 3 with PyYAML installed: `pip3 install PyYAML`

Setup depends on a manually installed, unpinned Python package. This is expected for the included Python script, but users should notice the external dependency.

User impact: Installing packages globally or from an untrusted package source can affect the local Python environment.
Recommendation: Install PyYAML from a trusted package index, preferably in a virtual environment, and consider pinning a known-good version.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Concern
references/note-yaml-properties.md
`allow-subagent` ... Whether the agent may delegate to a subagent (true = allowed, model choice is up to the agent) ... `assigned-agent` ... the managing agent delegates to the specified agent instead of self-processing

The artifacts describe delegation to subagents or assigned agents, but do not define identity checks, permission boundaries, or what task-note data may be shared.

User impact: Task details, findings, and expected deliverables may be handed to another agent without clear boundaries or per-task approval.
Recommendation: Default to no subagent delegation unless explicitly requested, define which agents are allowed, and require confirmation before sending task context to another agent.