
Security audit

Todoist

Security checks across malware telemetry and agentic risk

Overview

This Todoist skill's behaviour is coherent and its capabilities are disclosed, but treat it as live account access: anything the agent runs through it can read and change your tasks.

Install it only if you intend your agent to use Todoist. Use a Todoist API token you can revoke, verify the todoist-ts-cli package (publisher, version, and contents) before installing it globally, and require confirmation before ambiguous or destructive actions such as delete, move, complete, or reopen.
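One way to implement that confirmation step, as an added example that is not code from the skill, from todoist-ts-cli, or from this audit: a gate the agent runtime applies to every proposed todoist-ts-cli invocation before it is spawned. The subcommand layout (noun then verb, e.g. `task delete`), the verb names, and the `--token` / `--api-token` flags are assumptions chosen for illustration; check them against the real CLI's help output. Read-only verbs run, the four destructive verbs named above wait for a human yes, unknown verbs also wait (fail closed), and any invocation that carries a credential on the command line or contains shell metacharacters is refused outright.

```typescript
// Added example: approval gate between an agent and todoist-ts-cli.
// Not part of the skill or of todoist-ts-cli. Verb names and token flags are
// assumptions for illustration; confirm them against the real CLI's --help.

export type Verdict =
  | { kind: "allow"; reason: string }    // run without asking
  | { kind: "confirm"; reason: string }  // run only after a human says yes
  | { kind: "deny"; reason: string };    // never run

// Verbs that change account state (the ones the audit says to confirm).
const DESTRUCTIVE_VERBS = new Set(["delete", "move", "complete", "reopen"]);
// Verbs assumed to be read-only; these run without a prompt.
const READ_ONLY_VERBS = new Set(["list", "get", "show", "search"]);
// Assumed flag names that would put the API token into argv, where it leaks
// into process listings, shell history and logs. The token belongs in the
// environment of the spawned process instead.
const TOKEN_FLAGS = new Set(["--token", "--api-token"]);

export function classifyInvocation(argv: readonly string[]): Verdict {
  if (argv.length === 0) {
    return { kind: "deny", reason: "empty command" };
  }
  // Refuse credentials on the command line, whether "--token X" or "--token=X".
  for (const arg of argv) {
    const flag = arg.split("=")[0];
    if (TOKEN_FLAGS.has(flag)) {
      return { kind: "deny", reason: `credential passed on the command line via ${flag}` };
    }
  }
  // argv is passed to spawn() as an array, so metacharacters cannot chain
  // commands; treat their presence as a sign the agent is trying to anyway.
  if (argv.some((a) => /[;&|`$<>]/.test(a))) {
    return { kind: "deny", reason: "shell metacharacters in arguments" };
  }
  // Assumed layout: argv[0] is a noun (task, project, ...), argv[1] the verb.
  const verb = (argv.length >= 2 ? argv[1] : argv[0]).toLowerCase();
  if (READ_ONLY_VERBS.has(verb)) {
    return { kind: "allow", reason: `read-only verb "${verb}"` };
  }
  if (DESTRUCTIVE_VERBS.has(verb)) {
    return { kind: "confirm", reason: `destructive verb "${verb}" changes account state` };
  }
  // Anything else (add, update, a typo, a new subcommand) fails closed: ask.
  return { kind: "confirm", reason: `unrecognised verb "${verb}"` };
}

// Wraps the real executor. `ask` is the agent runtime's yes/no prompt; `run`
// spawns the CLI with the token injected through the environment, not argv.
export async function gatedRun(
  argv: readonly string[],
  ask: (question: string) => Promise<boolean>,
  run: (argv: readonly string[]) => Promise<string>,
): Promise<{ ran: boolean; verdict: Verdict; output?: string }> {
  const verdict = classifyInvocation(argv);
  if (verdict.kind === "deny") {
    return { ran: false, verdict };
  }
  if (verdict.kind === "confirm") {
    const ok = await ask(`Run "todoist ${argv.join(" ")}"? (${verdict.reason})`);
    if (!ok) {
      return { ran: false, verdict };
    }
  }
  return { ran: true, verdict, output: await run(argv) };
}
```

The gate deliberately keys on the verb rather than on a full allow-list of argument shapes, so a CLI upgrade that adds a new write verb lands in the `confirm` bucket instead of running silently; the cost is one extra prompt for harmless new read commands until the sets are updated.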

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill description is broad enough to activate on generic productivity, reminders, or to-do requests, which may cause the agent to invoke this Todoist-integrated skill when the user did not specifically intend account-backed task operations. In context, this increases the chance of unintended reads or writes to a user's Todoist data, especially for ambiguous requests that could be answered conversationally without taking an external action.

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it clean.


Static analysis

No suspicious patterns detected.