541 Downloads · 0 Stars · 0 Active Installs · 4 Versions
Install in OpenClaw
/install to-do
Description
Give your AI the power to act in the future. Schedule delayed prompts and one-off reminders that automatically wake the agent up at an exact moment to execut...
Usage Guidance
This skill generally does what it says — it schedules the OpenClaw agent to run later — but it currently trusts callers to avoid dangerous inputs instead of enforcing safety. Before installing:
1) Confirm OPENCLAW_BIN points to a trusted, least-privileged OpenClaw binary.
2) Review or modify to-do.js to avoid shell-based exec interpolation (use spawn/execFile with argument arrays or strictly validate/sanitize userId, channel, and task content).
3) Test scheduling in a non-production environment to confirm no command-injection paths exist (try attacker-style inputs).
4) Prefer restricting scheduled messages to non-sensitive content and avoid embedding secrets or write-access file paths in scheduled instructions.
If you want higher assurance, ask the author to add input validation and change exec usage to a safer API; having that change would increase confidence from medium to high.
Capability Analysis
Type: OpenClaw Skill
Name: to-do
Version: 1.0.3
The `to-do.js` skill contains multiple command injection vulnerabilities across both Windows and Linux/macOS platforms. User-controlled input, specifically the `<instruction>` argument for scheduling and the `<ID>` argument for deletion (on Linux/macOS), is not sufficiently sanitized before being passed to `child_process.exec`. While `SKILL.md` attempts to instruct the AI agent to avoid shell meta-characters, this relies on the agent's adherence and does not fix the underlying code vulnerabilities, making the skill susceptible to prompt injection attacks leading to arbitrary command execution. For example, on Windows, the `flatInstruction` passed to `schtasks /tr` is vulnerable to quote breaking, and on Linux/macOS, `agentCommand` is unsafely embedded within double quotes in an `echo` command, allowing shell metacharacters like `$(command)` to execute. The `atrm ${id}` command on Linux/macOS also lacks quoting, making it vulnerable to injection if the ID contains shell metacharacters.
Capability Assessment
Purpose & Capability
Name/description, required binary (node), and the two env vars (OPENCLAW_BIN, OPENCLAW_TZ) align with a scheduler that calls the OpenClaw agent at a future time. The script uses OS schedulers ('at' / 'schtasks') and invokes the openclaw binary to deliver messages, which is expected for this functionality.
Instruction Scope
SKILL.md explicitly instructs careful sanitization (no shell metacharacters, use only raw alphanumeric for user_id/channel) and to create fully self-contained instructions. However the code does not enforce those constraints: userId and channel are interpolated into shell commands without validation or escaping on POSIX/Windows flows. The skill therefore relies on politeness of callers rather than safe code, increasing risk of command injection or scheduling of malicious/overly-privileged actions. The skill also encourages including exact file paths and tool names in scheduled instructions — reasonable for clarity but increases chance of scheduling sensitive operations.
Install Mechanism
No install spec (instruction-only with provided JS file). Required runtime is node; no external downloads or archive extraction. Low install risk.
Credentials
Only OPENCLAW_BIN and OPENCLAW_TZ are required, which is proportionate for a scheduler that must call a local openclaw binary and interpret user timezone. However OPENCLAW_BIN points to a binary that will be executed later; if that binary is untrusted or has broad privileges, scheduled tasks can later trigger powerful actions. The skill does not request other secrets or credentials.
Persistence & Privilege
always is false (normal). The skill writes nothing itself but creates OS scheduler entries (at/schtasks) which persist and will run the openclaw agent at scheduled times. That persistence is appropriate for a scheduler but does increase blast radius because tasks run autonomously later; combined with the command construction issues this is a significant concern.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install to-do`
- After installation, invoke the skill by name or use `/to-do`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Improved SKILL.md prompt design: clearer command usage, stricter scheduling guardrails (run before resolving relative times), stronger anti-ambiguity/safety rules, and expanded examples for self-contained future instructions. No runtime code changes.
v1.0.2
Re-publish and update scheduler docs
v1.0.1
Internal cleanup and metadata optimization
v1.0.0
- Initial release: introduces one-off scheduling of background tasks, delayed actions, and reminders for agents.
- Supports precise execution timing using native OS schedulers (`at` for Linux/macOS, `schtasks` for Windows).
- Requires full, self-contained instructions for future sessions; vague requests are rejected pending clarification.
- Dynamic context routing with user ID, channel, and timezone ensures correct delivery.
- Strict output format: responses show scheduled date/time and the exact action in a blockquote, with no filler.
- Includes commands for scheduling tasks, listing pending tasks, and deleting tasks.
Frequently Asked Questions
What is To-Do?
Give your AI the power to act in the future. Schedule delayed prompts and one-off reminders that automatically wake the agent up at an exact moment to execut... It is an AI Agent Skill for Claude Code / OpenClaw, with 541 downloads so far.
How do I install To-Do?
Run "/install to-do" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is To-Do free?
Yes, To-Do is completely free (open-source). You can download, install and use it at no cost.
Which platforms does To-Do support?
To-Do is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created To-Do?
It is built and maintained by DevLumuz (@devlumuz); the current version is v1.0.3.