v1.0.1

todoist latest

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:54 AM.

Analysis

This skill coherently wraps the Todoist CLI, but users need to trust the external CLI and should be careful, because it can directly change or delete Todoist tasks.

Guidance: Install this only if you trust the td Todoist CLI source. When using it, be especially careful with commands that complete, edit, reopen, or delete tasks, and remember that task contents may be cached locally and shown to the agent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
**Writes auto-sync**: `add`, `done`, `edit`, `delete` hit the API directly

The skill can perform direct Todoist account mutations, including completing, editing, and deleting tasks. This is aligned with the stated purpose but has real user impact.

User impact: If invoked for the wrong task or with an incorrect ID, the agent could change, complete, or delete Todoist tasks in the user's account.
Recommendation: Review task IDs and intended changes before allowing destructive or account-changing actions such as delete, done, or edit.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
install spec
brew | formula: LuoAndOrder/tap/todoist-cli | creates binaries: td

The skill depends on an external CLI installed from a third-party Homebrew tap. This is central to the skill's purpose but means users must trust that external package.

User impact: Installing the external td binary gives that package code execution on the user's machine as part of normal CLI use.
Recommendation: Verify the Homebrew tap or Cargo package source before installing, and keep the CLI updated from a trusted source.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
wants to interact with their Todoist account

The skill operates against the user's Todoist account. Account authority is expected for this integration, and the artifacts do not show credential leakage or unrelated account access.

User impact: Anyone who can invoke the skill through the agent may cause actions using the Todoist account configured for the td CLI.
Recommendation: Authenticate the td CLI only to the intended Todoist account and revoke or rotate access if the integration is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
**Reads use cache**: `list`, `today`, `show` read from local cache

Todoist task data is read from a local cache. This is expected for the CLI, but cached task data may contain private information and can become stale.

User impact: Personal or work task details may be stored locally and read into agent context during task-listing operations.
Recommendation: Use sync commands when freshness matters, and avoid placing highly sensitive information in tasks if local caching or agent visibility is a concern.