Registry/Todoist MCP Server

Todoist MCP Server

v1.0.7
Verified

MCP server for Todoist API

By CommunityMIT
typescript
automation
2stars
229downloads
2forks
Scanned Jul 13, 2026
WebsiteRepositoryGITHUB
F0%
Scanned 6d ago

Critical Issues

Vulnerabilities Found
3Crit
5High
1Med
0Low
0Info

Security ScoreF

0
out of 100

Vulnerabilities Found

3
Crit
5
High
1
Medi
0
Low
0
Info
Last scanned: 7/13/2026

Quality ScoreC

59
out of 100
67
Maint.
27
Popular
56
Docs
78
Compat
Maintenance67%
Popularity27%
Documentation56%
Compatibility78%

Maintenance67

Unknown
Commit Frequency65%
Release Frequency70%
Issue Response65%

Popularity27

2
Stars
229
Downloads
2
Forks
Stars Score13%
Downloads Score43%
Forks Score17%

Documentation56

README Quality55%

Available Documentation

API DocsExamplesChangelog

Compatibility78

MCP Spec Compliance80%
Transport Support75%

Features

TypeScript

Supported Transports

STDIO

Agentic MCP Risk Intelligence

MCPSafe checks risks unique to AI-connected MCP servers — prompt surfaces, model-controlled tools, credentials, filesystems, and network reachability.

2
agentic findings
Agentic risk detected

This server has at least one issue specific to AI-agent/MCP execution flows.

Prompt Injection Surface
0

Tool metadata can steer or hijack AI clients before a user invokes the tool.

AI → Command Execution
0

Model-selected tool arguments can reach shell/process execution.

Secret Exfiltration Path
0

Tool context combines credential access with outbound network capability.

Unbounded Filesystem
0

AI-controlled paths may access files outside the intended workspace.

Agent SSRF
2

AI-controlled URLs may reach local, metadata, or internal network services.

Vulnerabilities(9)

3Critical
5High
1Medium
Filter:

READMETodoist MCP Server

View source

Todoist MCP Server

⚠️ CREDENTIAL EXPOSURE WARNING ⚠️

Issue

The Todoist API token is logged to console output when debug mode is enabled.

Risk

  • Token visible in terminal history
  • Token captured in log files
  • Token exposed to other processes

Mitigation

  1. Never enable debug mode with real credentials
  2. Rotate API token if exposed
  3. Use environment variables

Status

Fixed in v0.3.0, upgrade required.

Embed Security Badge

Add this badge to your README or documentation

Todoist MCP Server MCPSafe Security
[![Todoist MCP Server MCPSafe Security](https://api.mcpsafe.org
/api/badge/todoist-mcp-vuln.svg)](https://mcpsafe.org/registry/todoist-mcp-vuln)
Need more customization options?Badge Documentation

Server Information

Source
GITHUB
Package
todoist-mcp-server
Version
1.0.7
Language
typescript
License
MIT
Transport
STDIO
Added
Jan 20, 2026
Updated
Jul 13, 2026