Todolist Md Clawdbot Copy
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its todo-file purpose, but it uses persistent, broad Google Drive credentials and undeclared local Drive tooling that users should review carefully before installing.
Review this skill before installing. It appears intended for Google Drive Markdown todo files, not hidden exfiltration, but authorizing it may create persistent full-Drive access. Use a dedicated Drive folder/account, verify the gog binary and credential files, and revoke/delete stored OAuth tokens when no longer needed.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the skill may receive authority over more Google Drive content than just the intended todo Markdown files.
The helper requests the broad Google Drive OAuth scope rather than a narrower file/folder-scoped permission, while the stated purpose is editing Markdown todo files.
const scopes = ['https://www.googleapis.com/auth/drive'];
Use the narrowest possible Drive scope, prefer a dedicated folder/account, and clearly disclose the required Google credential and exact access level before installation.
A stored refresh token can keep granting Drive access after the first run unless the user revokes it or deletes the secret file.
The script persists a Google OAuth refresh token locally for reuse, creating ongoing account access that is not declared in the registry credential requirements.
const refreshTokenFile = args.refreshTokenFile || process.env.REFRESH_TOKEN_FILE || '/root/clawd/.secrets/todolist_drive_oauth.json';
Tell users where tokens are stored, how to revoke them, and avoid persistent full-Drive tokens unless strictly necessary.
Local Google/gog credentials may be exposed to the helper process environment/arguments and are not obvious from the registry requirements.
The Drive folder helper reads gog credentials and passes the keyring password through the command invocation, which is sensitive local credential handling.
`GOG_KEYRING_PASSWORD=${pw}`,
Avoid passing secrets on command lines where possible, use safer credential stores, and declare the required gog account/keyring credentials.
The skill depends on local command execution and the behavior of an external gog binary.
The script executes a local gog command via sudo to list Drive files; this is aligned with the Drive workflow but is a real local execution capability.
const raw = execFileSync(cmd[0], cmd.slice(1), { encoding: 'utf8' });
Install only if you trust the local gog setup, and confirm the binary path and account used before running folder-wide actions.
Users may not realize an undeclared local Drive CLI dependency will be used.
The script relies on an external gog binary even though the registry requirements list no required binaries.
const gogBin = process.env.GOG_BIN || '/home/linuxbrew/.linuxbrew/bin/gog';
Declare gog as a required dependency and document its expected version, path, and authentication requirements.
Choosing a large Drive folder could cause the agent to scan or update multiple todo files, not just one.
The intended folder runner can operate across multiple Markdown files in a Drive folder, so an overly broad root folder could affect more files than expected.
lists all `.md` under a folder, detects changes via state file, downloads only changed files, and writes back
Use a narrowly scoped Drive folder and review include/exclude or per-file opt-in settings before allowing write-back.
Todo text may be shared with the agent runtime/LLM for review.
The workflow may send extracted open-task content from Drive Markdown files to an LLM, although the instructions try to minimize the amount sent.
(Optional) call the LLM on the extracted subset, not the full document
Do not use this on todo files containing secrets or highly sensitive personal/business information unless the LLM data handling is acceptable.
