todo-tracker-safe
Secure TODO tracker with input validation and safe file operations. Use for task management across sessions.
Best use case
todo-tracker-safe is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Secure TODO tracker with input validation and safe file operations. Use for task management across sessions.
Teams using todo-tracker-safe should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/todo-tracker-safe/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How todo-tracker-safe Compares
| Feature / Agent | todo-tracker-safe | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Secure TODO tracker with input validation and safe file operations. Use for task management across sessions.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# 📋 TODO Tracker (安全版本) 安全的跨会话任务追踪工具,带有输入验证和安全文件操作。 ## 安全改进 相比原始版本,此版本包含以下安全增强: 1. **输入验证** - 所有用户输入经过 `sanitize_input()` 过滤 2. **固定字符串匹配** - 使用 `grep -F` 避免正则注入 3. **文件权限检查** - 验证 TODO 文件权限不过于宽松 4. **无动态执行** - 不使用 `eval` 或命令替换执行用户输入 5. **错误处理** - 使用 `set -euo pipefail` 严格模式 6. **长度限制** - 输入限制为 200 字符 ## 用法 ```bash # 添加任务 todo.sh add high "完成项目报告" todo.sh add medium "回复邮件" todo.sh add low "整理文件" # 标记完成 todo.sh done "项目报告" # 删除任务 todo.sh remove "整理文件" # 列出任务 todo.sh list # 全部 todo.sh list high # 高优先级 todo.sh list done # 已完成 # 摘要(用于 heartbeat) todo.sh summary ``` ## 配置 - `TODO_FILE` - 自定义 TODO 文件路径(默认:`~/.openclaw/workspace/TODO.md`) ## 触发条件 当用户说: - "添加到 TODO" / "add to TODO" - "标记 X 完成" / "mark X done" - "TODO 列表" / "TODO list" - "还有什么任务" / "what's on the TODO" - 心跳时自动显示摘要 ## 安全审计 - ✅ 无外部 API 调用 - ✅ 无网络请求 - ✅ 无环境变量读取(除 TODO_FILE) - ✅ 无动态代码执行 - ✅ 输入经过严格过滤 - ✅ 文件操作有权限检查
Related Skills
todoist
Manage tasks and projects in Todoist. Use when user asks about tasks, to-dos, reminders, or productivity.
tech-debt-tracker
Scan codebases for technical debt, score severity, track trends, and generate prioritized remediation plans. Use when users mention tech debt, code quality, refactoring priority, debt scoring, cleanup sprints, or code health assessment. Also use for legacy code modernization planning and maintenance cost estimation.
safe-exec
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.
amazon-price-tracker - 亚马逊价格追踪
## 描述
ai-prompt-engineering-safety-review
Comprehensive AI prompt engineering safety review and improvement prompt. Analyzes prompts for safety, bias, security vulnerabilities, and effectiveness while providing detailed improvement recommendations with extensive frameworks, testing methodologies, and educational content.
youtube-watcher
Fetch and read transcripts from YouTube videos. Use when you need to summarize a video, answer questions about its content, or extract information from it.
youtube-transcript
Fetch and summarize YouTube video transcripts. Use when asked to summarize, transcribe, or extract content from YouTube videos. Handles transcript fetching via residential IP proxy to bypass YouTube's cloud IP blocks.
youtube-auto-captions - YouTube 自动字幕
## 描述
youtube
YouTube Data API integration with managed OAuth. Search videos, manage playlists, access channel data, and interact with comments. Use this skill when users want to interact with YouTube. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
yahoo-finance
Get stock prices, quotes, fundamentals, earnings, options, dividends, and analyst ratings using Yahoo Finance. Uses yfinance library - no API key required.
xurl
A Twitter research and content intelligence skill focused on attracting WordPress and Shopify clients. Use to analyze Twitter profiles, threads, and conversations for: (1) Identifying what small agency founders and eCommerce brands are discussing; (2) Understanding pain points around WordPress performance, Shopify CRO, and development bottlenecks; (3) Extracting high-performing content angles; (4) Turning insights into authority-building posts; (5) Converting Twitter intelligence into business leverage for clear content angles, strong positioning, and qualified inbound leads.
xlsx
Use this skill any time a spreadsheet file is the primary input or output. This means any task where the user wants to: open, read, edit, or fix an existing .xlsx, .xlsm, .csv, or .tsv file (e.g., adding columns, computing formulas, formatting, charting, cleaning messy data); create a new spreadsheet from scratch or from other data sources; or convert between tabular file formats. Trigger especially when the user references a spreadsheet file by name or path — even casually (like "the xlsx in my downloads") — and wants something done to it or produced from it. Also trigger for cleaning or restructuring messy tabular data files (malformed rows, misplaced headers, junk data) into proper spreadsheets. The deliverable must be a spreadsheet file. Do NOT trigger when the primary deliverable is a Word document, HTML report, standalone Python script, database pipeline, or Google Sheets API integration, even if tabular data is involved.