Manage Your Family's todos
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This skill is reasonable to install if you want a simple local JSON-backed todo list. Before using it, make sure Node.js is available, understand that todos persist in memory/todo.json relative to the command’s working directory, avoid putting highly sensitive family information in tasks, and do not treat the configurable user IDs as strong access control. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installation may fail or behave inconsistently if Node.js is not available, even though the metadata does not declare it as required.
The skill requires a Node.js runtime to execute its documented commands, while the registry metadata declares no required binaries. This is an under-declared dependency rather than suspicious code.
`node todo.js add "Buy milk" "Mark"`
Confirm Node.js is installed before use, and the publisher should declare Node.js as a required binary/runtime.
Personal or family tasks entered into the skill remain on disk and may be visible to later invocations or anyone with access to that file.
The skill persistently stores family todo contents in a local JSON file under the current working directory.
`const TODO_FILE = path.join(process.cwd(), 'memory/todo.json'); ... fs.writeFileSync(TODO_FILE, JSON.stringify(data, null, 2));`
Avoid storing highly sensitive information in todos, check where the command is run, and protect or back up the memory/todo.json file as appropriate.
A mistaken or ambiguous command could complete or delete the wrong local todo item.
The CLI can mark tasks complete or delete them. This is expected for a todo manager, but these mutations are performed directly from command arguments without an additional confirmation step.
`case 'done': completeTodo(args[1]); ... case 'delete': deleteTodo(args[1]);`
List tasks before using done/delete, prefer exact task IDs, and consider adding confirmation or stricter matching for shared-family use.
Users may assume the multi-user IDs enforce privacy or permissions, but the included code treats them mainly as labels/filtering helpers.
The code contains configurable user IDs, but task filtering is based on caller-supplied command arguments and does not authenticate the actual user.
`const USERS = { 'Mark': process.env.TODO_ADMIN_ID || 'REPLACE_WITH_YOUR_ID', ... }; ... listTodos(args[1], args[2] === 'true');`
Do not rely on this skill for private per-user separation unless additional authentication and authorization checks are added.
