ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TODO Tracker

Persistent TODO scratch pad for tracking tasks across sessions. Use when user says "add to TODO", "what's on the TODO", "mark X done", "show TODO list", "remove from TODO", or asks about pending tasks. Also triggers on heartbeat to remind about stale items.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 5.3k · 42 current installs · 46 all-time installs
byJonathan Rhyne@jdrhyne
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the provided files: SKILL.md and scripts/todo.sh implement a persistent TODO.md scratch pad. The skill only needs standard POSIX tooling (awk/sed/grep/mv) which is appropriate for the described functionality. There are no unrelated environment variables, binaries, or external services requested.
Instruction Scope
Runtime instructions confine activity to creating, reading, and updating TODO.md in the workspace and invoking the included bash script. The script uses pattern matching (grep/sed) to find and manipulate items and supports a heartbeat summary that will include counts and short item lines. This is within scope, but two operational notes: (1) pattern-based matching can accidentally match multiple items or unintended text (risk of unintentional deletion/move), and (2) the heartbeat/summary will cause TODO contents (or summaries of them) to be included in agent responses — avoid putting secrets in the TODO file.
Install Mechanism
No install spec or external downloads — instruction-only with a bundled script. Nothing is written to disk by a network installer; the only file modifications are to TODO.md in the workspace via the included script.
Credentials
The skill declares no required env vars or credentials (and indeed the script has no secret-requiring behavior). The script does allow overriding TODO_FILE via the TODO_FILE environment variable (defaulting to TODO.md) even though no env is declared — this is reasonable but worth noting. Crucially: any sensitive information added to TODO.md will be stored in plaintext and may be echoed in summaries or agent responses, so users should not put secrets in the TODO.
Persistence & Privilege
always:false (not force-included). The skill doesn't request persistent elevated privileges or modify other skills or global agent settings. Its persistence is limited to maintaining a file in the workspace and optionally participating in heartbeat summaries.
Assessment
This skill appears to do exactly what it says: maintain a local TODO.md using a bundled bash script. Before installing, consider: (1) back up any existing TODO.md in your workspace (the script will create/modify TODO.md by default), (2) do not store credentials or sensitive text in the TODO file because heartbeat summaries and agent responses may reveal its contents, (3) if you want the file in a different location set TODO_FILE to a path you control, and (4) pattern-matching commands (done/remove) match by text and may affect multiple items — review matches before running in critical workspaces. If any of these behaviors are undesirable, review or edit scripts/todo.sh (it's plain shell) before use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk977jj5x342jph8fekj1pqw6fd7zc6s9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

TODO Tracker

Maintain a persistent TODO.md scratch pad in the workspace.

File Location

TODO.md in workspace root (e.g., /Users/nuthome/nuri-bot/TODO.md)

Commands

View TODO

When user asks: "what's on the TODO?", "show TODO", "pending tasks?"

cat TODO.md

Then summarize the items by priority.

Add Item

When user says: "add X to TODO", "TODO: X", "remember to X"

bash skills/todo-tracker/scripts/todo.sh add "<priority>" "<item>"

Priorities: high, medium, low (default: medium)

Examples:

bash skills/todo-tracker/scripts/todo.sh add high "Ingest low-code docs"
bash skills/todo-tracker/scripts/todo.sh add medium "Set up Zendesk escalation"
bash skills/todo-tracker/scripts/todo.sh add low "Add user memory feature"

Mark Done

When user says: "mark X done", "completed X", "finished X"

bash skills/todo-tracker/scripts/todo.sh done "<item-pattern>"

Matches partial text. Moves item to ✅ Done section with date.

Remove Item

When user says: "remove X from TODO", "delete X from TODO"

bash skills/todo-tracker/scripts/todo.sh remove "<item-pattern>"

List by Priority

bash skills/todo-tracker/scripts/todo.sh list high
bash skills/todo-tracker/scripts/todo.sh list medium
bash skills/todo-tracker/scripts/todo.sh list low

Heartbeat Integration

On heartbeat, check TODO.md:

  1. Count high-priority items
  2. Check for stale items (added >7 days ago)
  3. If items exist, include brief summary in heartbeat response

Example heartbeat check:

bash skills/todo-tracker/scripts/todo.sh summary

TODO.md Format

# TODO - Nuri Scratch Pad

*Last updated: 2026-01-17*

## 🔴 High Priority
- [ ] Item one (added: 2026-01-17)
- [ ] Item two (added: 2026-01-15) ⚠️ STALE

## 🟡 Medium Priority
- [ ] Item three (added: 2026-01-17)

## 🟢 Nice to Have
- [ ] Item four (added: 2026-01-17)

## ✅ Done
- [x] Completed item (done: 2026-01-17)

Response Format

When showing TODO:

📋 **TODO List** (3 items)

🔴 **High Priority** (1)
• Ingest low-code docs

🟡 **Medium Priority** (1)  
• Zendesk escalation from Discord

🟢 **Nice to Have** (1)
• User conversation memory

⚠️ 1 item is stale (>7 days old)

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…