v1.0.0

Todolist Md Clawdbot

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:42 AM.

Analysis

The skill is purpose-aligned for editing Markdown todos, but it uses broad Google Drive credentials, persistent refresh tokens, and local credential files that users should review carefully before installing.

Guidance: Review this skill before installing. It appears designed for the stated Google Drive Markdown todo workflow, but authorizing it can create persistent, broad Drive access. Prefer a limited Google account or folder, confirm the OAuth scope, verify the gog binary, and revoke/delete stored tokens when you no longer need the helper.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Low. Confidence: High. Status: Note.
scripts/todolist_drive_folder_agent.mjs
const raw = execFileSync(cmd[0], cmd.slice(1), { encoding: 'utf8' });

The script executes a local gog CLI command to list Drive files. This is disclosed and purpose-aligned, but it means running the skill depends on a trusted local binary.

User impact: Running the helper will invoke local command-line tooling on your machine or agent environment.
Recommendation: Verify the gog binary path and avoid setting GOG_BIN to an untrusted executable; run the helper only in an environment where local CLI execution is acceptable.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: Medium. Status: Note.
scripts/todolist_drive_folder_agent.mjs
const gogBin = process.env.GOG_BIN || '/home/linuxbrew/.linuxbrew/bin/gog';

The helper relies on an external gog executable outside the artifact, while the declared requirements list no required binaries.

User impact: The skill's behavior partly depends on whatever gog binary is present in the runtime environment.
Recommendation: Declare gog as a required binary, pin or document the expected version, and tell users how to verify the binary before use.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
scripts/todolist_agent_entrypoint.mjs
const scopes = ['https://www.googleapis.com/auth/drive'];

The helper requests the broad Google Drive OAuth scope, which can grant access beyond a single todo file or folder even though the skill's stated purpose is limited Markdown todo management.

User impact: Installing and authorizing this helper can give it broad access to your Google Drive account, not just the specific Markdown todo file you intended to edit.
Recommendation: Use the narrowest feasible Drive scope, document the exact OAuth permission required, and authorize only a dedicated/limited account or folder if possible.
Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
scripts/todolist_agent_entrypoint.mjs
const refreshTokenFile = args.refreshTokenFile || process.env.REFRESH_TOKEN_FILE || '/root/clawd/.secrets/todolist_drive_oauth.json';

The script persists a reusable OAuth refresh token in a local secrets path, creating ongoing Drive access after the first authorization.

User impact: A stored refresh token can continue to access Drive until revoked, so compromise or misuse of that file could affect your Drive data.
Recommendation: Store tokens only in a protected secret manager or clearly documented path, keep file permissions restrictive, and provide clear revocation and cleanup instructions.
Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
scripts/todolist_drive_folder_agent.mjs
const envFile = '/root/clawd/.secrets/gog.env';

The folder helper reads a local gog credential environment file containing account/keyring settings, but the registry metadata declares no required credentials or config paths.

User impact: The helper may use existing local Google/GOG authentication material that users may not realize is part of the skill's authority.
Recommendation: Declare the required credential files and environment variables, explain exactly how they are used, and avoid reading ambient credential stores unless the user explicitly opts in.
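The three permission-boundary findings share a remedy: audit the scope before consent, keep the persisted refresh token readable only by its owner, and make revocation a one-call operation. The block below is an added example, not code from the skill or from ClawScan. Its allowlist assumes this workflow needs only the drive.file scope (per-file access to files the user opens with the app), which is an assumption about the skill rather than something it documents. The file checks take an injected fs-like object so they run offline against a constructed fake; the paths other than the skill's default token path, and every owner and mode, are made up for the demonstration.

```javascript
// Added example: scope audit, secret-file permission check and revocation request.
// Not the skill's own code; the fake filesystem and its modes are constructed.

const FULL_DRIVE = 'https://www.googleapis.com/auth/drive';
const DRIVE_FILE = 'https://www.googleapis.com/auth/drive.file';

// Assumption: editing one Markdown todo file the user opens with the app is all this
// workflow needs, and that is exactly what drive.file grants.
const ALLOWED_SCOPES = new Set([DRIVE_FILE]);

// Returns { broad, suggestion }; an installer can refuse consent while broad is non-empty.
function auditScopes(scopes) {
  const broad = scopes.filter((s) => !ALLOWED_SCOPES.has(s));
  const suggestion = broad.includes(FULL_DRIVE)
    ? `request ${DRIVE_FILE} instead of ${FULL_DRIVE}`
    : null;
  return { broad, suggestion };
}

// A stored refresh token must be a regular file (not a symlink), owned by the current
// user, with no group/other permission bits at all (0600 or stricter).
function checkSecretFile(path, fs, uid) {
  let st;
  try {
    st = fs.lstatSync(path);
  } catch (err) {
    return { ok: false, reasons: [`cannot stat ${path}: ${err.code || err.message}`] };
  }
  const reasons = [];
  if (st.isSymbolicLink()) reasons.push(`${path} is a symlink`);
  else if (!st.isFile()) reasons.push(`${path} is not a regular file`);
  if (st.uid !== uid) reasons.push(`owned by uid ${st.uid}, expected ${uid}`);
  if ((st.mode & 0o077) !== 0) {
    reasons.push(`mode ${(st.mode & 0o777).toString(8)} exposes the token to group/others; use 0600`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Options for fs.writeFileSync when the token is first persisted: mode 0600, and the
// 'wx' flag so an existing file or a pre-planted symlink causes a failure, not a write.
const TOKEN_WRITE_OPTIONS = { mode: 0o600, flag: 'wx', encoding: 'utf8' };

// Google's revocation endpoint: POSTing the refresh token invalidates it together with
// the access tokens minted from it. Only the request is built here; nothing is sent.
function revokeRequest(refreshToken) {
  return {
    url: 'https://oauth2.googleapis.com/revoke',
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ token: refreshToken }).toString(),
  };
}

// Constructed fake filesystem: only lstatSync is needed by checkSecretFile.
function fakeFs(entries) {
  return {
    lstatSync(p) {
      const e = entries[p];
      if (!e) {
        const err = new Error(`ENOENT: ${p}`);
        err.code = 'ENOENT';
        throw err;
      }
      return {
        isFile: () => e.type === 'file',
        isSymbolicLink: () => e.type === 'symlink',
        uid: e.uid,
        mode: e.mode,
      };
    },
  };
}

// Hypothetical entries: the skill's default token path left at 0644, a hardened copy
// under a user's home at 0600, and a symlink planted where a token will be written.
const demoFs = fakeFs({
  '/root/clawd/.secrets/todolist_drive_oauth.json': { type: 'file', uid: 0, mode: 0o100644 },
  '/home/user/.config/todolist/oauth.json': { type: 'file', uid: 1000, mode: 0o100600 },
  '/tmp/oauth.json': { type: 'symlink', uid: 1000, mode: 0o120777 },
});

const scopeAudit = auditScopes([FULL_DRIVE]); // the scope the skill requests
const leakyToken = checkSecretFile('/root/clawd/.secrets/todolist_drive_oauth.json', demoFs, 0);
const hardenedToken = checkSecretFile('/home/user/.config/todolist/oauth.json', demoFs, 1000);
const symlinkToken = checkSecretFile('/tmp/oauth.json', demoFs, 1000);

console.log('broad scopes:', scopeAudit.broad, '->', scopeAudit.suggestion);
for (const [name, r] of [['skill default', leakyToken], ['hardened', hardenedToken], ['symlink', symlinkToken]]) {
  console.log(`${name}: ${r.ok ? 'OK' : r.reasons.join('; ')}`);
}
console.log('revoke body:', revokeRequest('constructed-refresh-token').body);
```

The permission mask on the token file is stricter than the one used for a binary: a secret must not be readable by anyone else, whereas a binary only needs to be unwritable by anyone else. The 'wx' write flag matters in a shared directory such as /tmp, where a symlink planted ahead of time would otherwise redirect the token write.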