Low Risk — Risk Score 20/100
Last scan: 19 hr ago
todo
Manage todo lists in PostgreSQL. Per-agent lists, optional categories, priorities, due dates.
This is a legitimate PostgreSQL-backed todo management CLI. It has filesystem access for .env loading and file migration that is not declared in SKILL.md.
Skill Name: todo
Duration: 44.0s
Engine: pi
Safe to install
Add explicit filesystem:READ and filesystem:WRITE declarations to SKILL.md for the .env loading and migrate features. Consider pinning psycopg2-binary to a specific version.

Findings (4 items)

Severity: Low
Finding: Undeclared .env file reading
Category: Doc Mismatch
Location: scripts/todo_cli.py:53
get_db_config() silently loads and parses a .env file in the skill directory without declaring filesystem:READ in SKILL.md. This is benign but undocumented.
    for line in env_file.read_text().splitlines():
→ Declare filesystem:READ in SKILL.md allowed-tools if .env loading is intentional, or remove this fallback and rely solely on environment variables.

Severity: Low
Finding: Undeclared filesystem write/delete via migrate
Category: Doc Mismatch
Location: scripts/todo_cli.py:619
The migrate --action import-delete command deletes source files after import. This filesystem:WRITE capability is not declared in SKILL.md, though it is briefly mentioned in the migration warning section.
    fpath.unlink()
→ Ensure filesystem:WRITE is declared in SKILL.md's allowed-tools if file deletion is part of the skill contract. Consider requiring explicit confirmation before destructive file operations.

Severity: Low
Finding: Workspace path derived from environment or home directory
Category: Sensitive Access
Location: scripts/todo_cli.py:596
cmd_migrate_check and cmd_migrate use Path.home() / '.openclaw' / 'workspace-researcher' as a fallback workspace, which resolves to a path under the user's home directory. This is acceptable but worth noting.
    str(Path.home() / ".openclaw" / "workspace-researcher")
→ Document the workspace path expectation in SKILL.md or make it configurable via an explicit env var without falling back to hardcoded paths under ~.

Severity: Info
Finding: Unpinned psycopg2-binary dependency
Category: Supply Chain
Location: SKILL.md:1
SKILL.md instructs users to 'pip install psycopg2-binary' with no version constraint, allowing any version to be pulled at install time.
    pip install psycopg2-binary
→ Pin to a specific version, e.g., pip install psycopg2-binary==2.9.9, to prevent unexpected updates.
Resource      Declared  Inferred  Status       Evidence
Filesystem    NONE      READ      ✗ Violation  scripts/todo_cli.py:53 — reads .env file from disk
Filesystem    NONE      WRITE     ✗ Violation  scripts/todo_cli.py:619 — fpath.unlink() deletes source file after migrate
Database      READ      WRITE     ✓ Aligned    todo_cli.py — SELECT, INSERT, UPDATE, DELETE on todo tables; required for todo m…
Network       NONE      NONE      -            No outbound network calls; only local PostgreSQL connection via psycopg2
Shell         NONE      NONE      -            No subprocess, os.system, or shell command execution found
Environment   NONE      READ      ✓ Aligned    os.environ.get(...) for TODO_DB_* vars — documented and necessary for DB connect…

File Tree

6 files · 50.5 KB · 1494 lines
Python: 1 file, 1023 lines · Markdown: 4 files, 466 lines · JSON: 1 file, 5 lines
├─ 📁 references
│ ├─ 📝 cli.md Markdown 217L · 5.7 KB
│ └─ 📝 schema.md Markdown 64L · 2.3 KB
├─ 📁 scripts
│ └─ 🐍 todo_cli.py Python 1023L · 34.8 KB
├─ 📋 _meta.json JSON 5L · 128 B
├─ 📝 CHANGELOG.md Markdown 50L · 2.0 KB
└─ 📝 SKILL.md Markdown 135L · 5.5 KB

Dependencies (1 item)

Package          Version  Source  Known Vulns  Notes
psycopg2-binary  *        pip     No           Version not pinned — any version will be installed

Security Positives

✓ No obfuscation: no base64, eval(), or anti-analysis patterns detected
✓ No credential exfiltration: database password is used only for local PostgreSQL connection
✓ No remote code execution: no subprocess, os.system, or shell commands
✓ No network exfiltration: no outbound HTTP/WebSocket/C2 calls
✓ SQL injection mitigated via parameterized queries (psycopg2 %s placeholders)
✓ Cross-agent access is logged to todo_access_log table
✓ File deletion in migrate is workspace-scoped (fpath.relative_to(workspace) check prevents path traversal)
✓ No sensitive hardcoded secrets or embedded credentials
✓ Well-structured code with clear separation of concerns