← Back to Skills Marketplace

Todo4 Onboard

Name: Todo4 Onboard
Author: panitw

by Panit Wechasil · GitHub ↗ · v1.3.1 · MIT-0

cross-platform ✓ Security Clean

145

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install todo4-onboard

Description

Sign up for Todo4 and connect this agent via MCP. Use whenever the user says things like 'set me up with Todo4', 'sign me up for Todo4', 'install Todo4', 'co...

Usage Guidance

This skill appears to do exactly what it says: create a Todo4 account via email OTP and connect your AI agent by writing a TODO4_AGENT_TOKEN and MCP config into ~/.openclaw. Before installing, verify the publisher/repository URL and only proceed if you trust it. Be aware the agent token is stored in plaintext at ~/.openclaw/.env and the MCP config is written to ~/.openclaw/mcp_config.json — treat those as sensitive: check and, if desired, restrict file permissions (chmod 600 ~/.openclaw/.env). After onboarding you can revoke the agent token from your Todo4 account if you need to remove access. Finally, confirm curl and jq are available on the system and that you are comfortable with the skill contacting todo4.io for the onboarding flow.

Capability Analysis

Type: OpenClaw Skill Name: todo4-onboard Version: 1.3.1 The skill implements a standard passwordless onboarding and configuration process for the Todo4 service. It uses bash scripts (register.sh, verify.sh, and connect.sh) to interact with the official API at https://todo4.io via HTTPS. The skill handles sensitive data appropriately by storing the resulting agent token and MCP configuration within the agent's local directory (~/.openclaw/) and includes explicit instructions in SKILL.md to prevent the AI from echoing secrets or tokens back to the user.

Capability Tags

cryptocan-make-purchasesrequires-oauth-token

Capability Assessment

✓ Purpose & Capability

Name/description (onboard/connect to Todo4) align with required actions: the skill runs three scripts that call Todo4 API endpoints to register, verify OTP, and connect an agent. The requested binaries (curl, jq) are appropriate and the write targets (~/.openclaw/.env and ~/.openclaw/mcp_config.json) match the described MCP onboarding behavior.

ℹ Instruction Scope

SKILL.md prescribes an exact 4-step flow that runs the included shell scripts and explicitly instructs not to echo tokens. The scripts transmit only the user's email, OTP, and access token to todo4.io endpoints. They capture an access token from an httpOnly cookie and later store an agent token locally. This scope is coherent with onboarding, but the agent will execute disk-resident scripts that write persistent secrets — the skill's instructions correctly warn about not echoing secrets.

✓ Install Mechanism

No install spec; skill is instruction+script-only. The shipped scripts are plain bash and call a well-known domain (todo4.io). There are no downloads from arbitrary URLs or extracted archives. Risk from installation is low, but you should install only from a trusted source.

ℹ Credentials

The skill declares no required environment variables but the scripts do rely on HOME (connect.sh checks HOME) and write files under $HOME/.openclaw. That is proportionate to storing agent credentials/config, but the skill will create/modify ~/.openclaw/.env (plaintext TODO4_AGENT_TOKEN) and ~/.openclaw/mcp_config.json — these are sensitive artifacts and the skill does not set restrictive file permissions.

ℹ Persistence & Privilege

always:false and autonomous invocation are default/normal. The script intentionally persists an agent token and MCP config in the user's home directory which grants the agent ongoing access to the Todo4 account; this persistence is expected for an onboarding/connect skill but increases long-term blast radius if the token is leaked or the skill is untrusted.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install todo4-onboard
After installation, invoke the skill by name or use /todo4-onboard
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.3.1

**Adds multilingual onboarding.** - Detects and replies in the user's language throughout the onboarding flow; defaults to English if unclear. - SAY lines are now reference wording and must be translated in responses (except for commands, URLs, or tokens). - Explicitly clarifies that the OTP verification script must be called only once per code. - When login URL is available, sends three separate messages instead of one combined message at the end of onboarding. - No other flow or logic changes.

v1.3.0

No changes detected in this version. - Version 1.3.0 was published, but no file changes were found compared to the previous release.

v1.2.0

**Major revision: onboarding flow now stricter and more prescriptive.** - Enforces a fixed 4-step sign-up and agent connection process, with precise prompts and error handling. - Clarifies trigger conditions—run whenever user asks to set up or connect Todo4 (no explanations or confirmations). - Provides updated scripts usage, output parsing, and step-by-step user interaction instructions. - Adds clear DOs and DON'Ts for messaging, error reactions, security (never echo codes or tokens), and agent name selection. - Introduces browser one-time login link extraction and delivery if available after connection. - Prevents any improvisation, skipping, or summarizing of steps—the flow must be followed exactly as written.

v1.1.0

- You now specify your agent name when connecting to the user's Todo4 account (Step 4), making it easier for users to identify which agent is connected in their dashboard. - The onboarding instruction for connecting the agent uses the new script syntax: scripts/connect.sh <accessToken> <your_agent_name>. If omitted, it defaults to "OpenClaw". - Minor documentation improvement for agent identification; no logic or process changes.

v1.0.2

## todo4-onboard v1.0.2 - No user-facing changes; documentation and functionality remain the same. - Internal version update only; no file changes detected.

v1.0.1

todo4-onboard 1.0.0 - Initial release of the Todo4 onboarding skill. - Enables users to create and connect a Todo4 account directly from chat, no website or password required. - Guides the user step-by-step: collects email, sends verification code, verifies, connects the agent, and handles first task. - Provides detailed in-chat error handling for common onboarding issues. - Enforces strict security rules for tokens and sensitive data during onboarding.

v1.0.0

todo4-onboard v1.0.0 - Introduces a chat-first onboarding flow for Todo4 accounts — no website or password required. - Guides users step-by-step: collects email, sends/validates verification code, and connects agent within chat. - Handles common errors with clear, user-friendly messages for validation, rate limits, quota, and connectivity issues. - Enforces strong security: never displays sensitive codes or tokens in chat. - Prompts users to immediately try out their Todo4 account after setup.

Metadata

Slug todo4-onboard

Version 1.3.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 7

Frequently Asked Questions

What is Todo4 Onboard?

Sign up for Todo4 and connect this agent via MCP. Use whenever the user says things like 'set me up with Todo4', 'sign me up for Todo4', 'install Todo4', 'co... It is an AI Agent Skill for Claude Code / OpenClaw, with 145 downloads so far.

How do I install Todo4 Onboard?

Run "/install todo4-onboard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Todo4 Onboard free?

Yes, Todo4 Onboard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Todo4 Onboard support?

Todo4 Onboard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Todo4 Onboard?

It is built and maintained by Panit Wechasil (@panitw); the current version is v1.3.1.

More Skills