← Back to Skills Marketplace
282
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install todoist-mind
Description
Управление задачами в Todoist: добавление, обновление статуса (выполнено/удалено), определение даты/срочности/приоритета и навигация по проектам. Используйте...
Usage Guidance
Do not deploy or run this skill as-is. Specific recommendations:
- Remove the hard-coded API token from references/API_CONFIG.json and consider it compromised: rotate the token immediately if it has been used elsewhere.
- Decide on a single configuration method (either environment variable or config file), update SKILL.md/SECURITY.md/metadata to match, and update the code to read from the declared source. Avoid requiring both.
- Fix the CONFIG_PATH mismatch: the script expects './skills/todoist-manager/references/API_CONFIG.json' while SKILL.md references './references/API_CONFIG.json'. Ensure the path is correct for your runtime.
- Remove or justify unrelated requirements: the 'uv' binary and 'browser.enabled' config are not used and should be removed from metadata unless there is a clear reason.
- Ensure dependencies (requests) are declared or available in the runtime.
- Review the code yourself (or have a trusted reviewer) before giving it access to real credentials or allowing autonomous invocation. Because the bundle contains a real token, treat any machine that ran this skill as potentially exposed until you rotate the token and verify no unauthorized calls were made.
Capability Analysis
Type: OpenClaw Skill
Name: todoist-mind
Version: 1.0.0
The skill contains a hardcoded API token in 'references/API_CONFIG.json', which is a significant security risk and credential leak. There is also a critical contradiction between 'SKILL.md' and 'references/SECURITY.md' regarding whether the token should be stored in a configuration file or an environment variable, which could lead to improper secret management by the user. Furthermore, the script 'scripts/todoist_api.py' uses an unconventional API base URL (api.todoist.com/api/v2) and performs a full data sync ('resource_types': ['all']) on every execution, which is excessive for simple task management.
Capability Assessment
Purpose & Capability
The skill's code and SKILL.md implement Todoist task operations (add, complete, delete, list) which matches the description. However required metadata asks for an unrelated binary ('uv') and a config flag ('browser.enabled') that the code never uses. These required items are disproportionate to the stated purpose and inconsistent.
Instruction Scope
SKILL.md instructs the operator to place the token in ./references/API_CONFIG.json and explicitly says the token is NOT read from env vars, but the skill metadata declares todoist_api_token as a required environment variable and primaryEnv. The script itself reads a config file at './skills/todoist-manager/references/API_CONFIG.json' (path mismatch) and does not read environment variables. These contradictions create ambiguous runtime behavior and risk misconfiguration. The instructions otherwise stay within the Todoist scope and the script is a stub that simulates API calls, but the presence of a real token file in the bundle contradicts the guidance.
Install Mechanism
This is an instruction-only skill with a bundled Python script; there is no install spec or remote downloads, so install risk is low. The script uses the 'requests' library but dependencies are not declared. No remote code fetches were detected.
Credentials
The manifest requires an environment variable todoist_api_token (primaryEnv) but the SKILL.md and the script expect the token to be in a local JSON file. references/SECURITY.md references a different variable name (TODOIST_API_KEY). Additionally, a valid Todoist API token is included in references/API_CONFIG.json inside the skill bundle — embedding credentials in the repository is unnecessary and dangerous. The required config 'browser.enabled' is unrelated to how the script operates.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. It only reads a local config file and makes outbound HTTP requests to the Todoist API. It does not modify other skills or global configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install todoist-mind - After installation, invoke the skill by name or use
/todoist-mind - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Todoist Manager skill.
- Provides commands to add tasks, complete or delete tasks, and list Todoist projects.
- Uses a mock script (`scripts/todoist_api.py`) that simulates API actions through console output.
- Requires Todoist API token to be set in `./references/API_CONFIG.json`.
- Includes detailed usage instructions and parameters for each command.
Metadata
Frequently Asked Questions
What is todoist-mind?
Управление задачами в Todoist: добавление, обновление статуса (выполнено/удалено), определение даты/срочности/приоритета и навигация по проектам. Используйте... It is an AI Agent Skill for Claude Code / OpenClaw, with 282 downloads so far.
How do I install todoist-mind?
Run "/install todoist-mind" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is todoist-mind free?
Yes, todoist-mind is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does todoist-mind support?
todoist-mind is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created todoist-mind?
It is built and maintained by SenseAI (@ai-mindmarket); the current version is v1.0.0.
More Skills