Todoist
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Todoist CLI skill, but it needs a Todoist API token and can change or delete tasks, so users should install it only if they trust the CLI package.
This skill appears purpose-aligned for managing Todoist. Before installing, make sure you trust the `todoist-ts-cli` npm package, understand that your Todoist API token lets the CLI access and modify your tasks, and double-check destructive actions like deleting or moving tasks.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything using that token through the CLI can access and modify Todoist data permitted by the token.
The skill requires a Todoist API token and passes it to the Todoist CLI. This is expected for the integration, but the token grants account access.
    requires:
      bins: ["todoist"]
      env: ["TODOIST_API_TOKEN"]
    ...
    todoist auth <your-token>
    # or
    export TODOIST_API_TOKEN="your-token"
Use only a Todoist token you intend to grant to this CLI, store it securely, and revoke it from Todoist settings if you stop using the skill.
The agent could make real changes to your Todoist tasks when you ask it to manage them.
The documented CLI commands can change Todoist account state, including deleting a task. These operations match the skill purpose but are still user-impacting actions.
    todoist done <id>      # Complete task
    todoist reopen <id>    # Reopen completed task
    todoist update <id> --due "next week"
    todoist move <id> -p "Personal"
    todoist delete <id>
Review task IDs and wording before allowing completion, update, move, or delete actions, especially for ambiguous task names.
The installed CLI package is what will handle your Todoist token and commands.
The skill instructs users to globally install an external npm package using a semver range. This is purpose-aligned for a CLI skill, but users rely on that package's provenance and future compatible releases.
npm install -g todoist-ts-cli@^0.2.0
Install the CLI from a trusted npm source, consider pinning an exact reviewed version, and keep it updated intentionally.
