Todoist MCP Server
MCP server for Todoist task management with support for tasks, projects, sections, labels, and comments
Score Breakdown
Server Info
- Package
- todoist-mcp
- Registry
- npm
- Repository
- stanislavlysenko0912/todoist-mcp-server
- Maintainer
- Community
- Category
- Project Management
- Tags
- taskstodoproductivity
- Last Scanned
- 7 Apr 2026
Findings
9 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport. Requires API_KEY env var which is a Todoist personal API token. No HTTP transport, no OAuth support. For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
HIGHRequired fields missing on 10 write operations
Write tools without required field declarations: update_tasks, close_tasks, reopen_tasks, delete_tasks, move_tasks.
Add required arrays to all write/delete tool schemas.
MEDIUMOnly 6 of 35 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
LLM Safety
MEDIUM1 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
MEDIUMOverlapping tool descriptions may cause wrong selection
Similar descriptions between tools could cause the LLM to pick the wrong one.
Differentiate descriptions with unique use cases.
Data Exposure
MEDIUM5 list operations lack pagination
get_tasks_list has a limit param (default 50). get_completed_tasks has cursor pagination and limit (max 200). List tools for projects, labels, sections, and shared labels return all results without pagination. No field selection - returns full records.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by stanislavlysenko0912
No official vendor backing.
Seek vendor verification.
MEDIUM15 dependency vulnerabilities (6 high)
npm audit found 6 high severity CVEs.
Update vulnerable dependencies.
Tools
35 total| Name | Description | Risk |
|---|---|---|
| get_tasks_list | Get tasks list from Todoist | read |
| create_tasks | Create new tasks in Todoist | write |
| get_tasks | Get tasks from Todoist | read |
| update_tasks | Update tasks in Todoist | write |
| close_tasks | Close tasks in Todoist | write |
| reopen_tasks | Reopen tasks in Todoist | write |
| delete_tasks | Delete tasks from Todoist | admin |
| move_tasks | Move tasks to a different parent or section in Todoist. Exactly one of parent_id, section_id, or project_id must be provided | write |
| get_completed_tasks | Get completed tasks from Todoist with filtering options. Date range limited to 3 months max. | read |
| get_projects_list | Get all projects from Todoist | read |
| create_projects | Create new projects in Todoist | write |
| get_projects | Get projects from Todoist | read |
| update_projects | Update projects in Todoist | write |
| delete_projects | Delete projects from Todoist | admin |
| get_collaborators | Get all collaborators for a project in Todoist | read |
| move_projects | Move a projects to a different parent in Todoist | write |
| get_comments_list | Get comments list from Todoist | read |
| create_comments | Create new comments in Todoist | write |
| get_comments | Get comments from Todoist by ID | read |
| update_comments | Update comments in Todoist | write |
| delete_comments | Delete comments in Todoist | admin |
| get_labels_list | Get all personal labels from Todoist | read |
| create_labels | Create a new personal labels in Todoist | write |
| get_labels | Get a personal label from Todoist | read |
| update_labels | Update a personal label in Todoist | write |
| delete_labels | Delete a personal label in Todoist | admin |
| get_shared_labels | Get all shared labels from Todoist | read |
| rename_shared_labels | Rename a shared label in Todoist | write |
| remove_shared_labels | Remove a shared label in Todoist | admin |
| get_sections_list | Get sections list from Todoist | read |
| create_sections | Create new sections in Todoist | write |
| get_sections | Get sections from Todoist | read |
| update_sections | Update sections in Todoist | write |
| delete_sections | Delete sections in Todoist | admin |
| utils_get_colors | Get available colors for projects, labels, filters in Todoist | read |
Deploy Todoist MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow