Todo List (Todo Item Management)
Review
Audited by ClawScan on May 18, 2026.
Overview
This todo skill is mostly purpose-aligned, but the provided code still uses unsafe shell execution for cron cleanup despite documentation claiming that was removed.
Review this skill before installing. Its todo/reminder purpose is coherent, but you should be comfortable with local storage of tasks and attachments, scheduled messages to the saved chat target, and should patch or avoid the shell=True cron cleanup path until it is fixed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or poisoned reminder record could potentially cause the script to run an unintended local shell command during reminder cleanup.
The skill invokes a shell command using a cron job ID read from stored reminder data. If that local reminder state is ever tampered with or contains shell metacharacters, this pattern can allow unintended command execution.
subprocess.run(f"openclaw cron delete {old_job_id}", shell=True, capture_output=True)
Replace this call with an argument list such as subprocess.run(["openclaw", "cron", "delete", old_job_id], ...) and validate cron job IDs before use.
Users or reviewers may believe a command-injection risk was fixed when the provided code still contains the risky pattern.
The checklist claims shell=True was removed, but the provided scripts/todo.py still contains a shell=True subprocess call. This weakens the reliability of the skill's safety claims.
- [x] Removed use of `shell=True`; switched to the args list form
Correct the implementation and update the documentation so safety claims match the reviewed source.
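The two findings above (the `shell=True` cleanup call and the checklist that claims it was removed) come down to one fix: build the `openclaw cron delete` invocation as an argument list and refuse job IDs that do not look like job IDs before they reach the subprocess call. The following is an added example written for this review, not code from the skill's scripts/todo.py; the job-ID pattern, the `job_id` record key, the sample reminder records and the injectable `runner` parameter are assumptions made so the logic can run offline without the OpenClaw CLI installed.

```python
import re
import subprocess
from typing import Callable, Sequence

# Assumption: OpenClaw cron job IDs are treated as short tokens of letters,
# digits, '-' and '_'. Tighten this to whatever `openclaw cron add` really emits.
JOB_ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


class InvalidJobId(ValueError):
    """A stored reminder record carries a job ID that must not reach the CLI."""


def validate_job_id(job_id: object) -> str:
    """Accept only well-formed string IDs; reject anything else, including
    values containing spaces, quotes, ';', '&&', '|' or other shell metacharacters."""
    if not isinstance(job_id, str) or not JOB_ID_PATTERN.fullmatch(job_id):
        raise InvalidJobId(f"refusing to use cron job id {job_id!r}")
    return job_id


def build_delete_argv(job_id: object) -> list:
    """Argument-list form of the cleanup command.

    The original skill code was:
        subprocess.run(f"openclaw cron delete {old_job_id}", shell=True, ...)
    where a poisoned old_job_id is parsed by the shell. Here the ID is a single
    argv element and is validated first, so it is never interpreted as a command.
    """
    return ["openclaw", "cron", "delete", validate_job_id(job_id)]


def delete_cron_job(job_id: object, runner: Callable = subprocess.run):
    """Run the delete without a shell (shell=False is subprocess.run's default)."""
    argv = build_delete_argv(job_id)
    return runner(argv, capture_output=True, text=True, check=False)


def cleanup_stale_reminders(reminders: Sequence[dict], runner: Callable = subprocess.run):
    """Attempt deletion for each stale reminder record.

    Returns (deleted_ids, rejected_ids) so a caller can log tampered records
    instead of silently skipping them.
    """
    deleted, rejected = [], []
    for record in reminders:
        job_id = record.get("job_id")
        try:
            delete_cron_job(job_id, runner=runner)
            deleted.append(job_id)
        except InvalidJobId:
            rejected.append(job_id)
    return deleted, rejected


# Constructed sample of what a todo-reminders.json might hold: one clean record,
# one record whose ID carries shell metacharacters, and one missing the ID.
SAMPLE_REMINDERS = [
    {"task": "pay rent", "job_id": "job-42"},
    {"task": "tampered", "job_id": "job-42 && echo injected"},
    {"task": "broken", "job_id": None},
]


def dry_run_delete(argv, **kwargs):
    """Stand-in runner for offline demonstration: records argv, calls nothing."""
    print("would exec:", argv)
    return None


if __name__ == "__main__":
    deleted, rejected = cleanup_stale_reminders(SAMPLE_REMINDERS, runner=dry_run_delete)
    print("deleted:", deleted)
    print("rejected:", rejected)
```

With the argument-list form the only way a tampered record can affect the system is as a literal, validated job ID passed to `openclaw`; the rejected list gives the cleanup step something to report when the stored state has been altered, which is the condition the finding describes.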
Reminder messages may be sent later to the configured destination even after the original chat session has ended.
The skill creates persistent scheduled reminders through OpenClaw cron. This is disclosed and fits the todo reminder purpose, but it continues operating after the initial command.
This skill uses the OpenClaw CLI's `cron` feature to create scheduled reminders:
- All reminder jobs are created via the `openclaw cron add` command
- Users can view all reminders via `openclaw cron list`
Review scheduled jobs with openclaw cron list and delete reminders you no longer want.
Personal task titles, descriptions, attachment copies, and chat routing data may remain on disk and be reused by future skill commands.
The skill persistently stores tasks, copied attachments, reminder metadata, and session routing information in OpenClaw memory.
All data is stored in the `~/.openclaw/workspace/memory/` directory:
- `todo.json` - todo item data
- `todo-attachments/` - task attachments
- `todo-session-config.json` - session configuration
- `todo-reminders.json` - reminder configuration
Avoid adding sensitive attachments or task details unless you are comfortable storing them locally, and periodically clean the todo memory files if needed.
For quick todo commands, the agent may send the status/list through the script and then only return NO_REPLY in the chat.
The skill instructs the agent to force specific tool use and suppress normal response content for certain todo commands. This is disclosed and purpose-aligned with direct message sending, but it changes normal agent behavior.
You must use the `send-status` or `send-list` command to send the message directly; **do not** output the content yourself ... The AI should reply with `NO_REPLY` directly
Use these quick commands only when you expect the skill to post directly to the current configured chat target.
Users may not see dependency requirements from registry metadata alone and may be surprised that the skill runs local Python scripts and OpenClaw CLI commands.
The skill itself discloses Python and OpenClaw CLI requirements, while the registry requirements section lists no required binaries and no install spec. This is an under-declared dependency/capability signal rather than hidden execution.
requires:
- python3
- openclaw
Declare python3 and OpenClaw CLI in registry metadata/capability signals as well as in SKILL.md.
