← 返回 Skills 市场

todoist-mind

Name: todoist-mind
Author: ai-mindmarket

作者 SenseAI · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

282

总下载

当前安装

版本数

在 OpenClaw 中安装

/install todoist-mind

功能描述

Управление задачами в Todoist: добавление, обновление статуса (выполнено/удалено), определение даты/срочности/приоритета и навигация по проектам. Используйте...

安全使用建议

Do not deploy or run this skill as-is. Specific recommendations: - Remove the hard-coded API token from references/API_CONFIG.json and consider it compromised: rotate the token immediately if it has been used elsewhere. - Decide on a single configuration method (either environment variable or config file), update SKILL.md/SECURITY.md/metadata to match, and update the code to read from the declared source. Avoid requiring both. - Fix the CONFIG_PATH mismatch: the script expects './skills/todoist-manager/references/API_CONFIG.json' while SKILL.md references './references/API_CONFIG.json'. Ensure the path is correct for your runtime. - Remove or justify unrelated requirements: the 'uv' binary and 'browser.enabled' config are not used and should be removed from metadata unless there is a clear reason. - Ensure dependencies (requests) are declared or available in the runtime. - Review the code yourself (or have a trusted reviewer) before giving it access to real credentials or allowing autonomous invocation. Because the bundle contains a real token, treat any machine that ran this skill as potentially exposed until you rotate the token and verify no unauthorized calls were made.

功能分析

Type: OpenClaw Skill Name: todoist-mind Version: 1.0.0 The skill contains a hardcoded API token in 'references/API_CONFIG.json', which is a significant security risk and credential leak. There is also a critical contradiction between 'SKILL.md' and 'references/SECURITY.md' regarding whether the token should be stored in a configuration file or an environment variable, which could lead to improper secret management by the user. Furthermore, the script 'scripts/todoist_api.py' uses an unconventional API base URL (api.todoist.com/api/v2) and performs a full data sync ('resource_types': ['all']) on every execution, which is excessive for simple task management.

能力评估

⚠ Purpose & Capability

The skill's code and SKILL.md implement Todoist task operations (add, complete, delete, list) which matches the description. However required metadata asks for an unrelated binary ('uv') and a config flag ('browser.enabled') that the code never uses. These required items are disproportionate to the stated purpose and inconsistent.

⚠ Instruction Scope

SKILL.md instructs the operator to place the token in ./references/API_CONFIG.json and explicitly says the token is NOT read from env vars, but the skill metadata declares todoist_api_token as a required environment variable and primaryEnv. The script itself reads a config file at './skills/todoist-manager/references/API_CONFIG.json' (path mismatch) and does not read environment variables. These contradictions create ambiguous runtime behavior and risk misconfiguration. The instructions otherwise stay within the Todoist scope and the script is a stub that simulates API calls, but the presence of a real token file in the bundle contradicts the guidance.

ℹ Install Mechanism

This is an instruction-only skill with a bundled Python script; there is no install spec or remote downloads, so install risk is low. The script uses the 'requests' library but dependencies are not declared. No remote code fetches were detected.

⚠ Credentials

The manifest requires an environment variable todoist_api_token (primaryEnv) but the SKILL.md and the script expect the token to be in a local JSON file. references/SECURITY.md references a different variable name (TODOIST_API_KEY). Additionally, a valid Todoist API token is included in references/API_CONFIG.json inside the skill bundle — embedding credentials in the repository is unnecessary and dangerous. The required config 'browser.enabled' is unrelated to how the script operates.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated or persistent system privileges. It only reads a local config file and makes outbound HTTP requests to the Todoist API. It does not modify other skills or global configuration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install todoist-mind
安装完成后，直接呼叫该 Skill 的名称或使用 /todoist-mind 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of Todoist Manager skill. - Provides commands to add tasks, complete or delete tasks, and list Todoist projects. - Uses a mock script (`scripts/todoist_api.py`) that simulates API actions through console output. - Requires Todoist API token to be set in `./references/API_CONFIG.json`. - Includes detailed usage instructions and parameters for each command.

元数据

Slug todoist-mind

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

todoist-mind 是什么？

Управление задачами в Todoist: добавление, обновление статуса (выполнено/удалено), определение даты/срочности/приоритета и навигация по проектам. Используйте... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 282 次。

如何安装 todoist-mind？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install todoist-mind」即可一键安装，无需额外配置。

todoist-mind 是免费的吗？

是的，todoist-mind 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

todoist-mind 支持哪些平台？

todoist-mind 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 todoist-mind？

由 SenseAI（@ai-mindmarket）开发并维护，当前版本 v1.0.0。