Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenProject by altf1be

OpenProject CRUD skill — manage work packages, projects, time entries, comments, attachments, statuses, and more via OpenProject API v3 with API token auth....

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Abdelkrim from Brussels (@Abdelkrim)
Security Scan

VirusTotal: Pending
OpenClaw: Error

  • scripts/openproject.mjs:28: Environment variable access combined with network send.
  • scripts/openproject.mjs:14: File read combined with network send (possible exfiltration).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.1.3
latest: vk978wptynms6n3r904c6kvb3g1831rmm

Runtime requirements

📊 Clawdis
Env: OP_HOST, OP_API_TOKEN
Primary env: OP_HOST

SKILL.md

OpenProject by @altf1be

Manage OpenProject work packages, projects, time entries, comments, attachments, and workflow transitions via the API v3. Works with both cloud and self-hosted instances.

Setup

  1. Log in to your OpenProject instance
  2. Go to My Account → Access Tokens → + Add
  3. Create an API token and copy it
  4. Set environment variables (or create .env in {baseDir}):

     OP_HOST=https://projects.xflowdata.com
     OP_API_TOKEN=your-api-token
     OP_DEFAULT_PROJECT=my-project

  5. Install dependencies: cd {baseDir} && npm install

Commands

Work Packages

# List work packages (with optional filters)
node {baseDir}/scripts/openproject.mjs wp-list --project my-project --status open --assignee me

# Create a work package
node {baseDir}/scripts/openproject.mjs wp-create --project my-project --type Task --subject "Fix login bug" --description "Users can't log in"

# Read work package details
node {baseDir}/scripts/openproject.mjs wp-read --id 42

# Update a work package
node {baseDir}/scripts/openproject.mjs wp-update --id 42 --subject "New title" --priority High

# Delete a work package (requires --confirm)
node {baseDir}/scripts/openproject.mjs wp-delete --id 42 --confirm

Projects

# List all projects
node {baseDir}/scripts/openproject.mjs project-list

# Read project details
node {baseDir}/scripts/openproject.mjs project-read --id my-project

# Create a project
node {baseDir}/scripts/openproject.mjs project-create --name "My Project" --identifier my-project

Comments (Activities)

# List comments on a work package
node {baseDir}/scripts/openproject.mjs comment-list --wp-id 42

# Add a comment
node {baseDir}/scripts/openproject.mjs comment-add --wp-id 42 --body "Ready for review"

Attachments

# List attachments on a work package
node {baseDir}/scripts/openproject.mjs attachment-list --wp-id 42

# Upload an attachment
node {baseDir}/scripts/openproject.mjs attachment-add --wp-id 42 --file ./screenshot.png

# Delete an attachment (requires --confirm)
node {baseDir}/scripts/openproject.mjs attachment-delete --id 10 --confirm

Time Entries

# List time entries
node {baseDir}/scripts/openproject.mjs time-list --project my-project

# Log time
node {baseDir}/scripts/openproject.mjs time-create --wp-id 42 --hours 2.5 --comment "Code review" --activity-id 1

# Update time entry
node {baseDir}/scripts/openproject.mjs time-update --id 5 --hours 3 --comment "Updated"

# Delete time entry (requires --confirm)
node {baseDir}/scripts/openproject.mjs time-delete --id 5 --confirm

Statuses & Transitions

# List all statuses
node {baseDir}/scripts/openproject.mjs status-list

# Update work package status
node {baseDir}/scripts/openproject.mjs wp-update --id 42 --status "In progress"

Reference Data

# List work package types
node {baseDir}/scripts/openproject.mjs type-list

# List priorities
node {baseDir}/scripts/openproject.mjs priority-list

# List project members
node {baseDir}/scripts/openproject.mjs member-list --project my-project

# List versions/milestones
node {baseDir}/scripts/openproject.mjs version-list --project my-project

# List categories
node {baseDir}/scripts/openproject.mjs category-list --project my-project

Security

  • API token auth (Basic auth with apikey as username)
  • No secrets or tokens printed to stdout
  • All delete operations require explicit --confirm flag
  • Path traversal prevention for file uploads
  • Built-in rate limiting with exponential backoff retry
  • Lazy config validation (only checked when a command runs)

Dependencies

  • commander — CLI framework
  • dotenv — environment variable loading
  • Node.js built-in fetch (requires Node >= 18)

Author

Abdelkrim BOUJRAF — ALT-F1 SRL, Brussels 🇧🇪 🇲🇦 X: @altf1be
