Trust Assessment
todoist received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via CLI Arguments, API Token Usage and Environment Variable Exposure, Broad Access to Todoist Account.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via CLI Arguments.** The skill relies on executing an external CLI tool (`~/clawd/skills/todoist/scripts/todoist`) and passes user-controlled input directly as arguments (e.g., task content, project names, filter strings). Without seeing the implementation of the `todoist` script, there is a high risk that a malicious user could craft input to inject arbitrary shell commands if the underlying script or the LLM's execution mechanism does not properly sanitize or escape these arguments. This is a common vulnerability when wrapping CLI tools. *Recommendation:* Implement robust input sanitization and argument escaping for all user-provided strings before passing them to the `todoist` CLI tool. When using `subprocess` in Python, prefer `shell=False` and pass arguments as a list. If the `todoist` script is a shell script, ensure all user inputs are properly quoted and escaped to prevent shell metacharacter interpretation. | LLM | SKILL.md:34 |
| INFO | **API Token Usage and Environment Variable Exposure.** The skill requires a `TODOIST_API_TOKEN` to be set as an environment variable for authentication. While this is a standard practice for API keys, it highlights the presence of a sensitive credential. The underlying `todoist` script must ensure this token is handled securely and not logged, exposed in error messages, or transmitted insecurely. *Recommendation:* Ensure the `todoist` script accesses the `TODOIST_API_TOKEN` securely from environment variables and avoids logging or exposing it in any output or error messages. Consider using a secrets management system if available. | LLM | SKILL.md:15 |
| INFO | **Broad Access to Todoist Account.** The skill, through the `todoist` CLI tool, is designed to manage all aspects of a user's Todoist account (tasks, projects, labels, comments). This implies broad read/write access to personal data within Todoist. Users should be aware of the extensive scope of data access granted to this skill. *Recommendation:* Clearly communicate the scope of Todoist data access to users. Ensure the skill only performs actions explicitly requested by the user and does not retain data unnecessarily. | LLM | SKILL.md:19 |
Full report: https://skillshield.io/report/f41f3b5009f43897