Trust Assessment
todoist received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `td` CLI arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via `td` CLI arguments.** The skill instructs the AI agent to construct and execute shell commands using the `td` CLI tool. Several examples, such as `td add "Call dentist tomorrow 10am p2 #Personal"` or `td task update <ref> --description "..."`, show arguments to `td` commands that are intended to be derived from untrusted user input. If the agent directly interpolates user-provided text into these shell commands without proper sanitization and shell escaping (e.g., using `shlex.quote` in Python), a malicious user could inject arbitrary shell commands. This could lead to unauthorized data access, system compromise, or denial of service on the host system where the agent is running. The agent's implementation must ensure that all user-provided input passed as arguments to shell commands is properly sanitized and shell-escaped. For example, in Python, `shlex.quote()` should be applied to each argument before constructing the final command string. In Node.js or other environments, similar robust escaping mechanisms should be used to prevent shell metacharacters from being interpreted as commands. Avoid direct string concatenation of untrusted user input into shell commands. | LLM | SKILL.md:70 |
Full report: https://skillshield.io/report/f394e5385ce754bb