Security Scan
OpenClaw
Safe
High confidence
The skill is internally consistent: it is an instruction-only, file-based todo system that only manipulates markdown files in a todos/ directory and does not request credentials or install code.
Assessment recommendations
This appears to be a straightforward, instruction-only todo/file-management skill. Before installing: (1) note that the documentation assumes a Unix-like shell and optional tools (grep, awk, mv, and the GitHub CLI) but the skill does not declare those dependencies — ensure your environment has any tools you plan to use; (2) confirm the todos/ directory is the intended location and not a symlink to any sensitive path (to avoid accidental edits of system or secret files); (3) understand that the s...
ℹ Purpose and capabilities
The name/description match the included templates and workflows: creating, triaging, listing, and managing markdown todo files. One small inconsistency: the docs reference interacting with the gh CLI and slash commands (/triage, /resolve-pr-parallel) and a 'TodoWrite tool' used by agents, but the skill does not declare required binaries or provide implementations for those integrations. This is likely just a documentation gap rather than malicious behavior.
✓ Instruction scope
SKILL.md instructs only on creating, renaming, searching, and editing files under todos/ and using a local template. The provided bash snippets operate on todos/* and assets/, and there are no instructions to read unrelated system files, environment variables, or to transmit data externally.
✓ Install mechanism
No install spec and no code files — instruction-only. Nothing will be written to disk by an installer or downloaded from external URLs.
✓ Credential requirements
The skill requests no environment variables, no credentials, and no config paths. That matches its file-based purpose.
✓ Persistence and privileges
always is false and disable-model-invocation is true, so the skill will not be force-included or autonomously invoked. It does not request elevated or persistent privileges.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v2.56.1 2026/4/6
v2.56.1
● Benign
Install command
Official: npx clawhub@latest install compound-eng-file-todos
Mirror: npx clawhub@latest install compound-eng-file-todos --registry https://cn.longxiaskill.com