Todoist

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Todoist integration, but it gives an agent broad authenticated power to change or delete Todoist data without clear confirmation safeguards.

Install only if you trust Membrane and intend to let an agent access your Todoist account. Before use, require the agent to ask for explicit confirmation before creating, updating, deleting, or making any raw proxy request, and revoke the Membrane/Todoist connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill advertises create, update, and delete actions without any guidance to confirm destructive operations with the user. In an agentic context, this can lead to unintended modification or deletion of Todoist data if the model infers permission from ambiguous prompts.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The proxy request feature enables arbitrary authenticated API calls, including write and delete operations, but the skill provides no warning or restriction guidance. Because it bypasses the curated action layer, it increases the risk of broad unintended changes, misuse of powerful endpoints, or exfiltration of sensitive Todoist data through flexible requests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal