yushenliu06

Todo List 待办事项管理

by YuShenLiu06 · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
392 Downloads · 0 Stars · 2 Active Installs · 4 Versions
Install in OpenClaw
/install todo-list
Description
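A to-do management skill that supports adding, viewing, completing and deleting to-do items, with due-date reminders, a tag system, project management and attachments. Trigger conditions: (1) the user mentions to-dos, Todo, task management, a to-do list or todolist (2) to-do items need to be added, viewed, completed or deleted (3) setting task reminders (4) tag management (5) project management (6) the user directly types "todo" or...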
Usage Guidance
This skill is functionally coherent for a local todo/reminder system using the OpenClaw CLI, but exercise caution before installing. What to check or do before installing:
- Inspect and fix the shell deletion call: replace `subprocess.run(f"openclaw cron delete {old_job_id}", shell=True, ...)` with an args list (e.g. `['openclaw','cron','delete', old_job_id]`) or otherwise sanitize/validate job IDs to remove command injection risk.
- Review the implementation of attachment handling (`add_attachment`) to ensure it enforces the claimed path restrictions, prevents directory traversal and symlink TOCTOU attacks, enforces the 50MB limit, and sets safe permissions on copied files.
- Ensure the memory directory (~/.openclaw/workspace/memory/) and session config files are accessible only by the intended user (restrict filesystem permissions) because reminders and job IDs are stored there and could be tampered with by other local users.
- Be aware that the skill will create cron jobs via OpenClaw and send messages to configured channels/targets — verify your OpenClaw configuration and channel target are trusted before enabling reminders.
- If you do not trust the skill owner/source, consider running the scripts in a restricted environment (container or dedicated account) or request a code revision that removes `shell=True` usage and provides audited attachment code.
Confidence note: the assessment is based on the included SKILL.md and the provided Python sources; the todo.py file was large and partially truncated in the listing, so also review the remainder of that file (especially `add_attachment` and any other subprocess usage) for additional issues.
Capability Analysis
Type: OpenClaw Skill
Name: todo-list
Version: 1.3.0
The skill bundle is a functional todo list manager that supports task scheduling, tagging, project grouping, and file attachments. It uses the `openclaw` CLI for sending notifications and managing cron jobs. Security features are implemented in `scripts/todo.py`, such as path validation and size limits for attachments to prevent unauthorized file access. While some internal calls to `subprocess.run` still use `shell=True` (a potential vulnerability if local configuration files are tampered with), the overall logic is transparent, well-documented, and lacks any indicators of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
Name/description, the CLI scripts, and the SKILL.md are consistent: the package implements a local Python-based todo system, stores data under ~/.openclaw/workspace/memory/, supports attachments and uses the OpenClaw CLI to create cron reminders. The requested dependencies (python3 and OpenClaw CLI) match the stated purpose and there are no unexpected external credentials or unrelated binaries required.
Instruction Scope
Runtime instructions require the agent to read/write session and data files under ~/.openclaw/workspace/memory/ (todo.json, session config, reminders, attachments). That matches the feature set, but it does mean the skill will read local files and persist configuration and reminders. The SKILL.md requires the agent to extract channel and target from the conversation context and pass them to scripts — this is expected but grants the skill the ability to send messages via OpenClaw into configured channels. The instructions also direct the agent to only output certain tokens (e.g. NO_REPLY) when scripts are used, which is an operational constraint but not a security issue by itself.
Install Mechanism
No external install/download step is declared (instruction-only with included Python scripts). No remote URLs or package installs are used. The code is bundled in the skill, so there is no network fetch at install time — lowest risk from installers.
Credentials
The skill does not request environment variables or external credentials. Its need to access files under the user's home (~/.openclaw/workspace/memory/) and to call the OpenClaw CLI is proportional to a todo/reminder skill that integrates with OpenClaw cron and channel messaging.
Persistence & Privilege
The skill persists its own data and session configuration under ~/.openclaw/workspace/memory/ and creates cron jobs via the OpenClaw CLI. It is not marked always:true and does not claim to modify other skills. Creating cron entries and writing to the user-owned memory directory are expected for reminders, but these are persistent actions the user should be aware of (cron jobs will cause future outbound messages to channels configured in session).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install todo-list
  3. After installation, invoke the skill by name or use /todo-list
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Improved to-do management features, improved the reminder mechanism, fixed known issues
v1.2.0
Removed the feishu dependency, simplified the metadata format, declared dependencies explicitly
v1.1.0
Security fix: removed shell=True, added dependency declarations, strengthened file access security
v1.0.0
Initial release: supports to-do management, a tag system, project management, attachments, and automatic reminders
Metadata
Slug todo-list
Version 1.3.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 4
Frequently Asked Questions

What is Todo List 待办事项管理?

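A to-do management skill that supports adding, viewing, completing and deleting to-do items, with due-date reminders, a tag system, project management and attachments. Trigger conditions: (1) the user mentions to-dos, Todo, task management, a to-do list or todolist (2) to-do items need to be added, viewed, completed or deleted (3) setting task reminders (4) tag management (5) project management (6) the user directly types "todo" or... It is an AI Agent Skill for Claude Code / OpenClaw, with 392 downloads so far.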

How do I install Todo List 待办事项管理?

Run "/install todo-list" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Todo List 待办事项管理 free?

Yes, Todo List 待办事项管理 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Todo List 待办事项管理 support?

Todo List 待办事项管理 is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Todo List 待办事项管理?

It is built and maintained by YuShenLiu06 (@yushenliu06); the current version is v1.3.0.
