ClawHub

EffortList AI (Organize Your Life /w Safety)

v1.10.2

Manage EffortList AI folders, tasks, and todos. Use when the user wants to organize their life, track projects, or manage schedules via the EffortList AI pla...

2· 803·0 current·0 all-time
byDaniel Ward@quarantiine
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description describe task and schedule management and the SKILL.md + references exclusively document EffortList API endpoints and behaviors. The only required environment variable is EFFORTLIST_API_KEY, which is appropriate for a REST API integration. No unrelated services, binaries, or system access are requested.
Instruction Scope
Runtime instructions are focused on EffortList endpoints (create/list/patch/delete folders/tasks/todos, availability, undo/redo, /me) and include sensible safety guidance (rate limits, booking protections, timezone alignment). They do not instruct reading local files or other unrelated environment variables. Note: the doc suggests storing the API key in OpenClaw internal config (openclaw config set ...), which will persist the secret in agent config—this is expected but worth the user's awareness.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by the skill's package itself.
Credentials
Only EFFORTLIST_API_KEY is required and it directly matches the documented bearer-token authentication (efai_<48 hex chars>). No additional secrets, credentials, or unrelated env vars are requested.
Persistence & Privilege
always:false (no forced inclusion). disable-model-invocation is false (normal). The SKILL.md suggests storing the API key in OpenClaw config (persistent storage) which grants the agent ongoing access to the EffortList account while the key remains present—this is expected for convenience but is a persistent privilege the user should consider.
Assessment
This skill appears to legitimately implement an EffortList AI integration and only asks for the service API key. Before installing: 1) Verify you trust effortlist.io and the skill publisher (source is unknown in the registry metadata). 2) Prefer supplying the API key via an environment variable rather than writing it into OpenClaw's persistent config unless you understand the implications. 3) Be aware the key is persistent and grants full access to your EffortList data (including destructive operations and appointment cancellations); require explicit user confirmation before any destructive actions. 4) Confirm the developer subscription and key lifecycle (docs say keys are shown once and can only be revoked in the dashboard). 5) If you have concerns about scope, create a separate EffortList account or key you can safely revoke for testing. If you want a tighter review, provide the exact OpenClaw config behavior for stored secrets or evidence of the publisher's identity and website verification.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cw0nmqptpc1yrjrvrwtky4182y1fbstablevk970a199rw3jfv1kss7z38tnqn81gpnb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
EnvEFFORTLIST_API_KEY

Comments