Todo Boss

Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill is a mostly local task tracker, but its add-task script can turn crafted task text into locally executed Python code.

Do not install this skill until the add_task.sh input handling is fixed. Its overall design is a reasonable local todo tracker, but the current helper should safely serialize user text instead of embedding it into Python source code.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A specially formatted /todo message, whether crafted maliciously or produced by accident, could run commands as the local user, corrupt the todo log, or make the helper fail.

Why it was flagged

The script takes user-controlled task text and interpolates it directly into Python source code inside double-quoted string literals. Crafted text containing quotes and Python expressions could break out of the string and execute code locally.

Skill content
TEXT="${1:-}"
...
python3 - <<PY >> "$LOG"
...
  "title": "$TITLE",
...
  "raw": "$TEXT"
}
Recommendation

Do not generate Python code with interpolated user text. Pass input through argv, stdin, or environment variables and construct JSON only inside Python with json.dumps; also invoke the helper with an argument array rather than a shell-quoted command string.
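The following is an added example of the safe pattern described in this recommendation; it is not the skill's own add_task.sh. It assumes python3 is on PATH, and the TODO_LOG path and the add_task_record/add_task function names are illustrative. Two things make it safe: the heredoc delimiter is quoted ('PY'), so the shell performs no expansion inside the Python source at all, and the user text reaches Python only as argv values, where json.dumps handles quoting and escaping.

```shell
#!/usr/bin/env bash
# Added example (not the skill's add_task.sh): build the task record inside
# Python from argv instead of interpolating user text into Python source.
set -euo pipefail

# add_task_record TEXT TITLE
# Prints one JSON line. The quoted heredoc delimiter ('PY') disables shell
# expansion in the script body, so $1/$2 can only be data, never code.
add_task_record() {
  python3 - "$1" "$2" <<'PY'
import json
import sys

# argv[0] is "-" when the script is read from stdin; user data follows.
text, title = sys.argv[1], sys.argv[2]
record = {"title": title, "raw": text}
# json.dumps escapes quotes, backslashes and control characters for us.
print(json.dumps(record))
PY
}

# Hypothetical log location for this example (the skill uses its own path).
TODO_LOG="${TODO_LOG:-./tasks.jsonl}"

# add_task TEXT TITLE: append the record to the append-only log.
add_task() {
  add_task_record "$1" "$2" >> "$TODO_LOG"
}

# Usage (uncomment to try):
# add_task 'finish report "draft 2" by Friday' 'finish report'
```

Because the Python body is never expanded by the shell, text containing quotes, backslashes, `$(...)` or Python syntax is stored verbatim as a JSON string value. The same argv-passing discipline applies one level up: the caller should invoke this helper with an argument array rather than assembling a shell command string from the /todo message.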

What this means

The skill may fail or behave differently depending on the user's local shell and Python environment.

Why it was flagged

The included helper requires local shell tooling and Python, while the registry requirements list no required binaries. This is purpose-aligned but under-declared.

Skill content
#!/usr/bin/env bash
...
python3 - <<PY >> "$LOG"
Recommendation

Declare the required binaries and runtime assumptions in metadata or installation documentation.

What this means

Task details, owners, due dates, and raw task text may remain on disk and be reused in later reports.

Why it was flagged

The skill intentionally persists task content and derived state locally for future listing and reports. This is disclosed and aligned with the task-tracking purpose.

Skill content
Append-only log: ~/.openclaw/workspace/data/todo/tasks.jsonl
Derived state cache (optional): ~/.openclaw/workspace/data/todo/state.json
Recommendation

Avoid putting secrets or highly sensitive information in task text, and consider adding retention, deletion, or export controls.