Skill v1.0.0
ClawScan security
Todoist API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 5, 2026, 11:15 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is a plausible Todoist API wrapper with sensible safety defaults, but the registry metadata omits the fact that it requires a Todoist API token and the CLI supports a base_url override — verify token handling and the metadata before installing.
- Guidance: This skill appears to be a legitimate Todoist API helper, but take these precautions before installing or running it:
  1) The scripts expect a Todoist token (TODOIST_API_TOKEN / TODOIST_TOKEN) even though the registry metadata doesn't declare one — do not provide your token unless you trust the source.
  2) Inspect scripts/todoist_api.py and smoke_test.py yourself (they are included) to confirm there are no unexpected network endpoints; the code defaults to api.todoist.com but allows --base-url (avoid pointing that to unknown hosts).
  3) Run the read-only smoke_test first in an isolated environment with a token of limited scope or a throwaway account to verify behavior.
  4) Prefer using --dry-run and --confirm for any write/bulk operations.
  5) Ask the publisher to correct the registry metadata to list TODOIST_API_TOKEN (or make the credential requirement explicit) before installing in production.
  If you cannot verify these points, treat the skill as unsafe to receive your real Todoist token.
Review Dimensions
- Purpose & Capability
  - concern: The skill's name, description, and included scripts clearly target the Todoist REST API and the required capabilities (task/project/label management) match the code. However, the registry metadata lists no required environment variables or primary credential while both SKILL.md and the scripts expect a Todoist API token (TODOIST_API_TOKEN or TODOIST_TOKEN). This mismatch is incoherent: a Todoist integration legitimately needs an API token and the registry should declare that.
- Instruction Scope
  - note: Runtime instructions and scripts stay within the Todoist API domain: they use api.todoist.com, support dry-run/confirm semantics, and the 'raw' and 'sync' escape hatches are documented. The CLI accepts --base-url which can point to an alternate host: this is a legitimate testing/compatibility feature but could be abused to send tokens to a non-Todoist endpoint if misused. The instructions do not ask for unrelated system files or unrelated credentials.
- Install Mechanism
  - ok: No install spec is provided (instruction-only with bundled Python scripts). Nothing is downloaded at install time; risk from install mechanism is low. The presence of code files means the code will run on the host, so the user should review the included scripts before executing.
- Credentials
  - concern: The skill legitimately requires a single Todoist API token (TODOIST_API_TOKEN or TODOIST_TOKEN), which is proportionate to its purpose. The concern is that the registry metadata does not declare this required credential (required env vars: none, primary credential: none), creating an information gap and increasing the chance a user might unwittingly expose secrets. No other unrelated credentials are requested.
- Persistence & Privilege
  - ok: The skill does not request persistent/always-on inclusion (always: false) and does not modify other skills or system-wide settings. Autonomous invocation is enabled (platform default) but not combined with other broad privileges here.
