ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Todo

v1.2.1

Turn follow-up promises into an execution queue for agents. Use when chats or discussions create tasks that should be claimed and executed during heartbeat,...

1· 117·1 current·1 all-time
by@zoujiejun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: scripts create and manage a local tasks.json, claim work during heartbeat, and optionally dispatch tasks to discovered workspaces. The only minor mismatch is that the package metadata declares no required binaries while the shipped scripts assume a POSIX shell and python3 are available.
Instruction Scope
Runtime instructions and hooks operate on workspace-local files (.agent-todo/tasks.json, .agent-todo/local.json, HEARTBEAT.md) and on OpenClaw's config (~/.openclaw/openclaw.json). Hooks can auto-create tasks from reply content and will call the CLI to add/dispatch tasks. This matches the stated purpose, but users should note enabling the post_reply hook will automatically queue tasks when reply content matches the heuristic.
Install Mechanism
No remote install or downloads are declared; this is an instruction+script bundle. Nothing is fetched from external URLs and no archives are extracted, which lowers installation risk.
Credentials
No secrets or unrelated environment variables are required. The code optionally reads OPENCLAW_CONFIG, AGENT_TODO_WORKSPACE, and TODO_DB to locate workspaces — these are proportional to discovery and workspace binding. It also relies on standard shell/python runtime environment (not declared in metadata).
Persistence & Privilege
The skill writes and updates local workspace state (.agent-todo/*) and can modify HEARTBEAT.md (append/update a managed block). When dispatch or setup-heartbeat --all are used, it will write into other discovered workspaces; this is expected for cross-agent routing but is a persistence action users should be aware of.
Assessment
This skill appears to do exactly what it says: manage a local task queue and optionally dispatch tasks to other workspaces discovered from your OpenClaw config. Before installing: (1) ensure python3 and a POSIX shell are available (scripts assume them); (2) review and back up any HEARTBEAT.md files you care about because setup-heartbeat --write will insert/update a managed block; (3) enable the post_reply hook only if you want automatic conversion of forum/chat replies into queued tasks (its heuristics may false-positive); (4) understand that dispatch will write to other workspaces discovered via ~/.openclaw/openclaw.json — ensure that config and workspace permissions are appropriate. If you want higher assurance, inspect the full scripts locally (they are included) and run the provided smoke tests in a temporary workspace first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a2g6xjqr686as9hyj2889tn83eweg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments