Agent skill

todo-tracker-safe

Secure TODO tracker with input validation and safe file operations. Use for task management across sessions.

View SKILL.md on GitHub Repository
Stars 1,878
Forks 294

Install this agent skill to your Project

npx add-skill https://github.com/LeoYeAI/openclaw-master-skills/tree/main/skills/todo-tracker-safe

Metadata

Additional technical details for this skill

openclaw 
{
    "emoji": "\ud83d\udccb",
    "requires": {
        "bins": [
            "bash",
            "grep",
            "awk",
            "sed"
        ]
    }
}

SKILL.md

📋 TODO Tracker (安全版本)

安全的跨会话任务追踪工具,带有输入验证和安全文件操作。

安全改进

相比原始版本,此版本包含以下安全增强:

  1. 输入验证 - 所有用户输入经过 sanitize_input() 过滤
  2. 固定字符串匹配 - 使用 grep -F 避免正则注入
  3. 文件权限检查 - 验证 TODO 文件权限不过于宽松
  4. 无动态执行 - 不使用 eval 或命令替换执行用户输入
  5. 错误处理 - 使用 set -euo pipefail 严格模式
  6. 长度限制 - 输入限制为 200 字符

用法

bash
# 添加任务
todo.sh add high "完成项目报告"
todo.sh add medium "回复邮件"
todo.sh add low "整理文件"

# 标记完成
todo.sh done "项目报告"

# 删除任务
todo.sh remove "整理文件"

# 列出任务
todo.sh list          # 全部
todo.sh list high     # 高优先级
todo.sh list done     # 已完成

# 摘要(用于 heartbeat)
todo.sh summary

配置

  • TODO_FILE - 自定义 TODO 文件路径(默认:~/.openclaw/workspace/TODO.md

触发条件

当用户说:

  • "添加到 TODO" / "add to TODO"
  • "标记 X 完成" / "mark X done"
  • "TODO 列表" / "TODO list"
  • "还有什么任务" / "what's on the TODO"
  • 心跳时自动显示摘要

安全审计

  • ✅ 无外部 API 调用
  • ✅ 无网络请求
  • ✅ 无环境变量读取(除 TODO_FILE)
  • ✅ 无动态代码执行
  • ✅ 输入经过严格过滤
  • ✅ 文件操作有权限检查

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

LeoYeAI/openclaw-master-skills

audit-website

Audit websites for SEO, performance, security, technical, content, and 15 other issue cateories with 230+ rules using the squirrelscan CLI. Returns LLM-optimized reports with health scores, broken links, meta tag analysis, and actionable recommendations. Use to discover and asses website or webapp issues and health.

1,878 294
Explore
LeoYeAI/openclaw-master-skills

firecrawl

Web search and scraping via Firecrawl API. Use when you need to search the web, scrape websites (including JS-heavy pages), crawl entire sites, or extract structured data from web pages. Requires FIRECRAWL_API_KEY environment variable.

1,878 294
Explore
LeoYeAI/openclaw-master-skills

computer-use

Full desktop computer use for headless Linux servers. Xvfb + XFCE virtual desktop with xdotool automation. 17 actions (click, type, scroll, screenshot, drag, etc). Unlike OpenClaw's browser tool, operates at the X11 level so websites cannot detect automation. Includes VNC for live viewing.

1,878 294
Explore
LeoYeAI/openclaw-master-skills

social-media-analyzer

Social media campaign analysis and performance tracking. Calculates engagement rates, ROI, and benchmarks across platforms. Use for analyzing social media performance, calculating engagement rate, measuring campaign ROI, comparing platform metrics, or benchmarking against industry standards.

1,878 294
Explore
LeoYeAI/openclaw-master-skills

business-growth-skills

4 production-ready business and growth skills: customer success manager with health scoring and churn prediction, sales engineer with RFP analysis, revenue operations with pipeline and GTM metrics, and contract & proposal writer. Python tools included (all stdlib-only). Works with Claude Code, Codex CLI, and OpenClaw.

1,878 294
Explore
LeoYeAI/openclaw-master-skills

contract-and-proposal-writer

Contract & Proposal Writer

1,878 294
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results