ClawHub

个人待办管理

v1.0.0

待办事项管理器。触发场景: (1) 用户提到 "待办"、"TODO"、"计划事项"、"任务" (2) 用户说 "帮我增加/新增/创建一个待办" (3) 用户说 "我有什么待办"、"查看待办"、"待办列表" (4) 用户说 "完成 xxx"、"开始 xxx"、"删除 xxx" (5) 用户说 "标记 xxx 为进行...

0· 46·0 current·0 all-time
byReilly.tang@tangruilin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the behavior: creating, querying, moving, and deleting todo items stored as JSON files in a workspace. GitHub issue links and file-system paths are explained and justified by the stated features.
Instruction Scope
SKILL.md instructs reading/writing four files in the workspace and prompting the user for paths. It also implies detecting if a provided path is a git repository and determining the current branch. This is within scope for a local todo manager but does require accessing user-supplied filesystem paths (and possibly reading .git or invoking git), which has privacy implications — the instructions do not ask for unrelated system files or credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by an installer, minimizing install-time risk.
Credentials
No environment variables, credentials, or external tokens are requested. GitHub integration is limited to storing full links provided by the user rather than calling the GitHub API, so credential requests would be disproportionate (and none are present).
Persistence & Privilege
The skill writes/reads files only in its workspace (todos_*.json and todos_meta.json). always is false and there is no indication it modifies other skills or system-wide configuration.
Assessment
This skill appears to do what it says: it stores your todos as JSON files in the agent workspace and can record GitHub links and filesystem paths you provide. Before installing or using it, consider: (1) It may read or probe any filesystem paths you supply (including inspecting git repos to get branch info). Do not provide sensitive system paths. (2) The skill stores full absolute paths in workspace files — review or back up the workspace if you care about privacy. (3) It does not request credentials, but if you later grant it extra permissions (e.g., cloud storage access or GitHub tokens) those would be unnecessary for the core todo functions. If you want stronger assurances, ask the skill author how it detects git branches (reads .git vs. running git) and test it in a limited environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk975q8n0esvq1v9a3y1621ah6584p7dn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments