todoist-orbit

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Todoist command-line skill, but it can change, delete, and upload data in the user's Todoist account when invoked.

Install only if you want this skill or agent to manage your Todoist account. Keep the Todoist API token private, verify target IDs before update/archive/delete/close commands, and review any file or stdin content before uploading it to Todoist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The description prominently includes destructive operations such as deleting labels, closing tasks, and archiving projects, but it does not warn that these actions change live remote state and may be hard to reverse. In an automation context, lack of warning increases the chance of accidental destructive use, especially when users invoke the skill for broad task-management workflows.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation tells users to set TODOIST_API_KEY without identifying it as a sensitive secret or warning against exposing it in logs, shell history, screenshots, or committed config files. Because this key authorizes access to the user's Todoist account, poor handling could enable unauthorized reading and modification of their tasks, projects, comments, and attachments.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The attachment and add-file/add-stdin examples encourage sending local file contents and multi-line notes to Todoist, but they omit a privacy warning that this data leaves the local machine and is stored on a third-party service. In practice, users may upload sensitive logs, transcripts, or generated output without realizing the transfer and retention implications.

VirusTotal

66/66 vendors flagged this skill as clean.