ClawHub

Text Based - Todo List Agent Manager

v1.4.1

A structured, conversational task management system based on GTD and Eisenhower (V3.2 Protocol). This skill strictly confines persistence to its own skill di...

1· 1k·3 current·3 all-time
by@mtyatno
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (todo list manager) matches the included files and code: index.js implements add/edit/done/show/REVIEW behavior and persisted state/rules/display config are bundled with the package.
Instruction Scope
Runtime instructions and code operate only on local files (task_state.json, display_config.json, todo-rules-v3.2.md). There is no network I/O, no environment variable access, and no steps that ask the agent to read unrelated system files. Minor note: parsing and text-handling logic has quirks (e.g., parseArgs may include structured tokens in text buffer) that affect behavior but not security.
Install Mechanism
No install spec (instruction-only in metadata) and the package contains only small local files (JS + JSON + docs). Nothing is downloaded from external URLs or installed globally.
Credentials
The skill declares no required environment variables, no credentials, and the code does not access process.env or other secrets. The requested scope is minimal and appropriate for a local todo manager.
Persistence & Privilege
The skill persists state to disk (task_state.json). This is expected for a todo manager. The code builds SKILL_DIR using path.join(__dirname, '..', 'claw-todolist') which, while likely resolving to the skill folder in normal deployments, is an odd construction — verify that state files will be created where you expect and that file permissions are acceptable.
Assessment
This skill appears self-contained and only reads/writes files bundled with the package (no network calls or credentials). Before installing: (1) review the index.js file yourself (it is short) if you have concerns, (2) confirm where the runtime will write task_state.json (the code builds a path that should resolve to the skill directory but you may want to test in a sandbox), and (3) ensure the skill runs with minimal filesystem permissions (it only needs to read/write its own directory). If you need stricter isolation, run it in a confined environment or inspect/modify the SKILL_DIR path to an explicit expected folder.

Like a lobster shell, security has layers — review code before you run it.

latestvk976t6bdma6g0a15xw7exnm13981c6cp
1kdownloads
1stars
6versions
Updated 1mo ago
v1.4.1
MIT-0
@mtyatno
latest
Download

claw-todolist Skill

This skill implements the Todo List Management Protocol V3.2, enabling structured task management via conversational commands.

Core Protocol (Commands)

This skill understands aliases: a (ADD), x (DONE), ls (SHOW), e (EDIT). It also understands the REVIEW command for automated structural analysis.

Features & Output Style

  • Structure: Tasks are persisted locally using defined rules (V3.2).
  • Visuals: Full list output (ls) defaults to Text Format with Priority Group Headers and Weight ⭐ placed after the task text.
  • Review: Command REVIEW triggers an automated analysis based on predefined thresholds (P1 Ratio, Overdue, Aging, Strategic Neglect).

Persistence

All state, rules, and display configs are bundled within the skill folder for deterministic installation.

Comments

Loading comments...