Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description (manage/add/list/complete/delete todos) match the instructions. No extra binaries, env vars, or external services are requested, which is proportionate for a simple todo skill.
Instruction Scope
SKILL.md is narrowly scoped to todo commands and storage. However, it explicitly specifies storing todos at ~/.openclaw/workspace/todos.md. The manifest declared no required config paths, so there is an inconsistency between the metadata and the runtime instructions (the skill will read/write a file in the user's home directory).
Install Mechanism
No install spec and no code files — instruction-only skills have minimal disk footprint and no install-time code is executed.
Credentials
The skill requests no environment variables or credentials, which is appropriate. The only resource it uses is a local file path for storage; that usage is reasonable for a todo app but should have been declared in required config paths.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill privileges. It will persist data to a single user-owned file (as described), which is expected behavior for a todo manager.
Assessment
This skill appears lightweight and does what it says, but note that SKILL.md instructs the agent to read/write ~/.openclaw/workspace/todos.md even though the package metadata lists no config paths. Before installing: (1) decide whether you’re comfortable letting the agent write a file in your home directory; (2) if you prefer, create or move the file to a sandboxed location and confirm the agent uses that path; (3) because the skill source is 'unknown', consider testing it in a disposable environment first or inspecting agent logs to confirm it only manipulates the todo file; (4) if you want to be extra cautious, ask the skill author to declare the config path in the manifest so the behavior is explicit.Like a lobster shell, security has layers — review code before you run it.
latestvk9721p759yskfqs1zmncdcfan581s6ts
License
MIT-0
Free to use, modify, and redistribute. No attribution required.