Downloads: 735 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw: /install todolist-md-clawdbot
Description
Read, summarize, propose edits, and write back changes for Markdown todo files using line-stable bot markers without altering task identity.
Safe-use recommendations
This skill implements a Drive-backed Markdown todo editor and will need Google Drive credentials (access token or CLIENT_ID/CLIENT_SECRET + auth flow) and, optionally, gog CLI credentials. Before installing: (1) understand you'll need to provide Drive/gog credentials and may need to run sudo for the gog CLI; (2) review and accept that the skill will store a refresh token under /root/clawd/.secrets (persistent secret on disk); (3) consider running it in an isolated account/container with least privilege, or modify the scripts to use a dedicated service account and a narrower OAuth scope; (4) verify the metadata mismatch (no declared env/config) with the publisher and ensure you supply only minimal credentials needed; and (5) inspect the scripts yourself (or have someone you trust do so) before granting access to sensitive accounts.
Analysis
Type: OpenClaw Skill
Name: todolist-md-clawdbot
Developer: NitsujY (@nitsujy)
Version: 1.0.0
Description: OpenClaw Agent Skill
The skill bundle is classified as suspicious due to several risky capabilities and potential vulnerabilities, though without clear evidence of intentional malicious behavior. The `SKILL.md` defines `<!-- bot: ... -->` markers as instructions for the AI agent, creating a prompt injection surface. The `todolist_review_drive.py` script inserts `root_folder_id` and `model` values directly into `<!-- bot: last_review -->` markers; if these values are user-controlled and untrusted, they could be exploited for prompt injection. Additionally, both `todolist_drive_folder_agent.mjs` and `todolist_review_drive.py` execute external `gog` commands using `sudo -u ubuntu`, indicating the agent has `sudo` capabilities and executes commands as a different user. While argument passing is robust against shell injection, the use of `sudo` and external binaries represents a powerful primitive that, if misconfigured or if the `gog` binary itself were compromised, could lead to unauthorized execution. There is no evidence of data exfiltration to unauthorized endpoints, backdoors, or obfuscation.
Capability assessment
Purpose & Capability
The skill's name and description (Markdown todo editing) align with the included scripts, which implement Google Drive access and in-file bot markers. However, the package metadata lists no required environment variables or config paths, while the scripts clearly require Drive OAuth tokens (ACCESS_TOKEN/REFRESH_TOKEN/CLIENT_ID/CLIENT_SECRET) and/or a gog account; this mismatch between declared requirements and actual code is notable.
Instruction Scope
SKILL.md rules and conventions are narrowly scoped to reading/writing Markdown with bot markers and minimizing LLM calls, which the code generally follows. But the runtime instructions and scripts reference and/or perform actions outside that narrow scope: reading /root/clawd/.secrets/gog.env, storing a refresh token file under /root/clawd/.secrets, and invoking sudo to run the 'gog' CLI as the 'ubuntu' user. Those filesystem and privileged interactions are not called out in the top-level metadata or prominently in SKILL.md.
Install Mechanism
There is no external install/download step (instruction-only/install-less). The skill bundles local scripts (Node/Python) and does not fetch arbitrary code from remote URLs during install. Risk from installation is therefore low; runtime risk comes from network calls the scripts make.
Credentials
The scripts expect Google Drive OAuth credentials (ACCESS_TOKEN, REFRESH_TOKEN, CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN_FILE) and gog-related credentials (GOG_ACCOUNT, GOG_KEYRING_PASSWORD, GOG_BIN). Those sensitive variables and a refresh token file are necessary for Drive access but were not declared in registry metadata. The skill persists tokens to disk under /root/clawd/.secrets, which is persistent and sensitive — proportionate for Drive integration but requires explicit user awareness and least-privilege configuration.
Persistence & Privilege
The `always` flag is false (good), but the scripts persist refresh tokens to /root/clawd/.secrets/todolist_drive_oauth.json and expect a gog.env secrets file there. They also run sudo to call gog as another user. Persisting tokens and invoking sudo increase the blast radius if the host or skill is compromised; these behaviors are not surfaced in the top-level metadata.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install todolist-md-clawdbot
- After installation, call the Skill by name or trigger it with /todolist-md-clawdbot
- Provide the required inputs according to the Skill's parameter description to receive structured output
Version history
v1.0.0
todolist-md-clawdbot 1.0.0 — Initial release
- Provides bot-assisted review and editing of todolist-md Markdown todo files.
- Uses only line-stable <!-- bot: ... --> markers for any write-back changes.
- Integrates with storage backends like Google Drive, local folders, or S3, respecting file identity and change detection.
- Ensures LLM operations only on changed files, reducing token usage and minimizing costs.
- Allows opt-in/opt-out file-level control via config file or in-file marker.
- Never marks tasks as complete without explicit user confirmation.
FAQ
What is Todolist Md Clawdbot?
Read, summarize, propose edits, and write back changes for Markdown todo files using line-stable bot markers without altering task identity. It is an AI Agent Skill plugin for Claude Code / OpenClaw with 735 downloads to date.
How do I install Todolist Md Clawdbot?
Run the command "/install todolist-md-clawdbot" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Todolist Md Clawdbot free?
Yes, Todolist Md Clawdbot is completely free (open source and free to use) and can be freely downloaded, installed and used.
Which platforms does Todolist Md Clawdbot support?
Todolist Md Clawdbot is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Todolist Md Clawdbot?
Developed and maintained by NitsujY (@nitsujy); current version v1.0.0.