jwhowa

TODO Web App

Author: jwhowa · GitHub · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 327
Favorites: 0
Current installs: 1
Versions: 2
Install in OpenClaw
/install todo-webapp
Description
Deploy a local TODO web app that reads and writes a Markdown TODO.md file. Serves a beautiful dark-themed, glassmorphism UI on the LAN (no HTTPS needed). Fea...
Security usage recommendations
This skill appears to do exactly what it says: run a local Node.js server that reads/writes TODO.md and archives completed items. Before installing:
  1. Inspect server.js yourself (it modifies TODO.md and appends to TODO-done.md).
  2. Place the script where you intend and ensure TODO.md is the correct file (it uses the parent directory of server.js).
  3. Be aware it serves plain HTTP on your LAN without authentication—anyone on your local network who can reach your host:3456 can view and toggle tasks. Don't install on a machine with sensitive TODO.md contents or on an untrusted network.
  4. When following the launchd steps, open the plist file and verify the node and server.js paths and the run arguments before running launchctl load; if you prefer not to auto-start, skip the launchd step.
  5. Consider firewall rules or binding to localhost if you want to restrict access.
If you want additional assurance, run the server inside a restricted account/container or change file permissions so only an intended user can edit TODO.md.
Functional analysis
Type: OpenClaw Skill
Name: todo-webapp
Version: 1.0.1
The skill deploys a Node.js web server (scripts/server.js) that manages local Markdown files and establishes persistence via a macOS launchd agent. While the functionality matches the description, the server contains a Stored XSS vulnerability because it renders TODO item text directly into the HTML without sanitization. Furthermore, the server listens on all network interfaces (0.0.0.0) without authentication or CSRF protection, potentially allowing any device on the local network to read or modify the user's TODO files.
Capability assessment
Purpose & Capability
The name/description (local TODO web app) aligns with the provided server.js and SKILL.md. The script reads/writes TODO.md and TODO-done.md, serves UI over HTTP on port 3456, and includes archive/toggle behavior described in the README. The launchd autostart instruction matches the claimed auto-start behavior.
Instruction Scope
Instructions are scoped to installing the script, adding an optional bg.jpg, and registering a macOS launchd agent. They direct reading/writing of TODO.md and TODO-done.md (explicitly one directory up from server.js). Note: the instructions modify user launch agents (persistent startup) and assume macOS; there is no guidance for other OSes. The app exposes an unauthenticated HTTP endpoint on the LAN and will accept toggle/archive actions from any LAN client—this is expected but a material security consideration.
Install Mechanism
No install spec or external downloads are present; the skill is instruction-only plus a bundled server.js file. Nothing is pulled from remote URLs or extracted to disk by an installer. The only persistent installation step is the user copying a plist into ~/Library/LaunchAgents and loading it.
Credentials
No environment variables, credentials, or external service tokens are requested. The script works with local filesystem files only (TODO.md, TODO-done.md, optional bg.jpg). Those file accesses are consistent with the described functionality.
Persistence & Privilege
The skill does not set always:true and requires manual user action to install. However, the provided instructions ask the user to create/load a launchd agent, which grants persistent autostart on macOS. This persistence is proportional to the stated goal (auto-start), but users should review the plist and confirm paths/permissions before loading.
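How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install todo-webapp
  3. Once installation completes, invoke the Skill by name or trigger it with /todo-webapp
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history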
v1.0.1
Add preview screenshot
v1.0.0
Initial release: live TODO web app with SSE auto-refresh, click-to-toggle, and Archive Done button
Metadata
Slug todo-webapp
Version 1.0.1
License MIT-0
Total installs 1
Current installs 1
Number of versions 2
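Frequently asked questions

What is TODO Web App?

Deploy a local TODO web app that reads and writes a Markdown TODO.md file. Serves a beautiful dark-themed, glassmorphism UI on the LAN (no HTTPS needed). Fea... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 327 total downloads to date.

How do I install TODO Web App?

Run the command "/install todo-webapp" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is TODO Web App free?

Yes, TODO Web App is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does TODO Web App support?

TODO Web App is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed TODO Web App?

It is developed and maintained by jwhowa (@jwhowa); the current version is v1.0.1.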