← 返回 Skills 市场
1928
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install todozi
功能描述
Todozi Eisenhower matrix API client + LangChain tools. Create matrices, tasks, goals, notes; list/search/update; bulk operations; webhooks. Categories: do, done, dream, delegate, defer, dont.
安全使用建议
This skill's code and docs match the stated purpose (a Todozi API client and LangChain tools), but the registry metadata is incomplete: it doesn't declare the TODOZI_API_KEY (and dependency list) that the SKILL.md and code expect. Before installing, verify the source/trustworthiness of todozi.com and the skill author. Do not supply real API keys unless you trust the service; consider creating a limited/test API key. Be careful when registering webhooks — any webhook URL you provide will receive event payloads (potentially exposing task data). Ask the publisher to update the registry metadata to list required env vars (TODOZI_API_KEY, TODOZI_BASE optional) and Python dependencies (e.g., httpx, langchain, langgraph). If you proceed, run the skill in a restricted environment or review the full code for any additional network calls and audit webhook targets.
功能分析
Type: OpenClaw Skill
Name: todozi
Version: 1.0.0
The skill bundle is classified as suspicious due to the presence of webhook creation functionality (`create_webhook` and `register` methods in `scripts/todozi.py`, documented in `SKILL.md` and `references/api_reference.md`). These methods allow the skill to send data (webhook events, including potentially sensitive item details or newly registered API keys) to an arbitrary, user-defined URL. While this is a legitimate API feature, it presents a significant risk for data exfiltration if the AI agent is compromised via prompt injection, as it could be instructed to send data to an attacker-controlled endpoint. The `register` function also returns a `private_key` which could be exfiltrated.
能力评估
Purpose & Capability
The code and SKILL.md implement a Todozi API client and LangChain tools consistent with the description (create/list/update tasks, matrices, webhooks). However the registry metadata declares no required env vars or primary credential even though both the README and code expect TODOZI_API_KEY (and optionally TODOZI_BASE). Also the code imports substantial libraries (langchain, langgraph, httpx) that aren't declared in metadata.
Instruction Scope
Runtime instructions stay within the stated purpose: calling the Todozi API, listing/creating tasks, and exposing LangChain tools. They do include flows that register an API key and create webhooks (which will send data to arbitrary webhook URLs you supply). There is no instruction to read unrelated system files or hidden env vars, but webhook registration can cause the service to POST user data to external endpoints you configure.
Install Mechanism
There is no install spec (instruction-only skill with a bundled Python file). That lowers installer risk, but the code depends on third-party Python packages (httpx, langchain, langgraph) with no declared dependency list or install instructions in the registry. This mismatch may cause unexpected runtime failures or lead integrators to install dependencies from unknown sources manually.
Credentials
The skill requires an API key (TODOZI_API_KEY) and optionally TODOZI_BASE, but the registry lists no required environment variables or primary credential. Requesting/providing an API key is proportionate to the task, but the omission from metadata is an incoherence that could mislead users about what secrets the skill needs. Additionally, the register/webhook endpoints can yield an API key and cause the service to send data to external URLs — this should be considered sensitive.
Persistence & Privilege
always:false and default invocation settings mean the skill is not forced into every agent run. The skill exposes LangChain tools that allow the agent to act on your Todozi data (create/update/delete). This is expected for a task-manager integration, but it increases the impact if the skill is misused, so be cautious when granting autonomous invocation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install todozi - 安装完成后,直接呼叫该 Skill 的名称或使用
/todozi触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Todozi skill (v1.0.0):
- todozi.com full reference
- Async SDK and LangChain tools for Todozi Eisenhower matrix API.
- Create, list, search, update, complete, and delete tasks, goals, notes, and matrices.
- Supports bulk operations and webhook management.
- Six category system: do, done, dream, delegate, defer, dont.
- Provides `@tool`-decorated functions for agent integration.
元数据
常见问题
Todozi - Your Ai Task Manager 是什么?
Todozi Eisenhower matrix API client + LangChain tools. Create matrices, tasks, goals, notes; list/search/update; bulk operations; webhooks. Categories: do, done, dream, delegate, defer, dont. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1928 次。
如何安装 Todozi - Your Ai Task Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install todozi」即可一键安装,无需额外配置。
Todozi - Your Ai Task Manager 是免费的吗?
是的,Todozi - Your Ai Task Manager 完全免费(开源免费),可自由下载、安装和使用。
Todozi - Your Ai Task Manager 支持哪些平台?
Todozi - Your Ai Task Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Todozi - Your Ai Task Manager?
由 bgengs(@bgengs)开发并维护,当前版本 v1.0.0。
推荐 Skills