todoist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill recommends using the official @doist/todoist-ai package via npx. This is the standard delivery method for the Todoist MCP server.
- CREDENTIALS_UNSAFE (SAFE): The skill correctly instructs the user to provide their own API token via environment variables in a local configuration file, avoiding hardcoded secrets.
- COMMAND_EXECUTION (SAFE): All shell commands provided are legitimate setup and troubleshooting instructions for the Claude environment.
Audit Metadata