Kan.bn TODO API

v0.1.0

Manage personal TODOs in Kan.bn through API-driven operations. Use this whenever the user wants to create, update, move, prioritize, search, summarize, or cl...

⭐ 1· 453·0 current·0 all-time

byQihao@wujiao233

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

Name/description align with a single-user Kan.bn TODO client and the included script implements appropriate API calls. However, the registry metadata declares no required credentials while the SKILL.md and script clearly require either KANBN_TOKEN or KANBN_API_KEY for operation. That mismatch is unexplained and inconsistent.

ℹ

Instruction Scope

Runtime instructions stay focused on single-user TODO workflows and encourage minimal discovery before mutation. They also instruct the agent to use the provided script, which itself attempts to read ~/.bashrc exports as a fallback for auth. Reading ~/.bashrc is limited to extracting the three Kan.bn-related names, but any file read of a user's shell rc is a privacy surface worth flagging.

✓

Install Mechanism

No install spec is present (instruction-only skill with an included script). Nothing is downloaded during install; risk from install mechanism is low. The script will be executed if the agent runs it, and it performs network calls to the Kan.bn API.

Credentials

The script requires a Kan.bn bearer token or API key (KANBN_TOKEN or KANBN_API_KEY) and optionally KANBN_BASE_URL; these are proportionate to the task. But the skill registry didn't declare these required env vars or a primary credential, creating an inconsistency that could surprise users. The script's fallback to parse ~/.bashrc to find these values increases the chance of inadvertently exposing secrets stored there.

✓

Persistence & Privilege

The skill is not forced into every agent run (always: false), is user-invocable, and does not request elevated or system-wide privileges. It does not attempt to modify other skills or global agent settings.

What to consider before installing

This skill appears to implement a legitimate single-user Kan.bn TODO client, but note two things before installing: (1) the registry metadata does not declare the credentials the skill expects — SKILL.md and the script expect KANBN_TOKEN or KANBN_API_KEY — so be prepared to provide those when using the skill; (2) the included script will try to read ~/.bashrc exports as a fallback to discover those credentials, which is convenient but can expose other stored values if your shell RC contains secrets. Recommended actions: inspect the script yourself (it is included) to confirm no unexpected behavior, avoid putting unrelated secrets in ~/.bashrc, consider creating a scoped/ephemeral Kan.bn API key for this skill, test with the self-test command first (no network access), and only supply credentials when you trust the skill source. If you cannot verify the publisher or prefer not to share credentials, do not enable the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk979frys6e95jw8c8rgmred3d182pj20

453downloads

1stars

3versions

Updated 6h ago

v0.1.0

MIT-0

Kan.bn TODO API

Use this skill to run Kan.bn personal task workflows via scripts/kanbn_todo.py.

Keep the interaction goal-oriented: figure out the user's intended task change, discover any missing IDs, execute the smallest correct API operation, then report the result clearly.

Configure authentication

Set auth before running commands:

KANBN_TOKEN for bearer auth, or
KANBN_API_KEY for API-key auth.

Auth lookup order in kanbn_todo.py:

CLI flags (--token, --api-key, --base-url)
Process environment (KANBN_TOKEN, KANBN_API_KEY, KANBN_BASE_URL)
~/.bashrc export values (for non-interactive runs)

Optional:

KANBN_BASE_URL (defaults to https://kan.bn/api/v1)

If auth is missing, stop early and ask for credentials or confirm the env source.

Follow the standard execution flow

1) Discover context before mutating data

When the user has not provided concrete Kan.bn IDs, resolve them first.

python3 scripts/kanbn_todo.py me
python3 scripts/kanbn_todo.py workspaces
python3 scripts/kanbn_todo.py boards --workspace-id <workspacePublicId>

Use this discovery flow for requests like:

"Add a todo in Kan.bn"
"Move my task to done"
"Find the board with invoices"

If the user already provided exact card/list/workspace IDs, skip the discovery steps you do not need.

2) Create, then read back

After creating a TODO, read it back when the user cares about confirmation, due date, labels, or returned IDs.

python3 scripts/kanbn_todo.py todo-create \
  --list-id <todoListPublicId> \
  --title "Pay electricity bill" \
  --description "Before Friday" \
  --due-date "2026-03-06T09:00:00.000Z"

python3 scripts/kanbn_todo.py todo-get --card-id <cardPublicId>

3) Prefer the narrowest mutation

Choose the command that most directly matches the requested change.

Edit title/description/due date -> todo-update
Change workflow status/list -> todo-move
Add or remove a label -> todo-label-toggle
Delete the task -> todo-delete

Edit fields:

python3 scripts/kanbn_todo.py todo-update \
  --card-id <cardPublicId> \
  --title "Pay electricity + water bill" \
  --description "Do both tonight"

Change status by moving lists (e.g., TODO -> DOING -> DONE):

python3 scripts/kanbn_todo.py todo-move \
  --card-id <cardPublicId> \
  --to-list-id <doingListPublicId>

Delete TODO:

python3 scripts/kanbn_todo.py todo-delete --card-id <cardPublicId>

Apply the priority label policy

When a request asks to set, mark, sort, or batch-assign priorities, use labels (P0-P4) as the source of truth.

Apply priority via label changes.
Do not encode priority in titles.
Keep task titles focused on the actual work item text.
If the correct priority label ID is unknown, inspect board metadata first.
Official Kan.bn docs expose label changes on a dedicated endpoint, not todo-update.

For an existing card:

python3 scripts/kanbn_todo.py todo-label-toggle \
  --card-id <cardPublicId> \
  --label-id <p1LabelPublicId>

Use personal productivity workflows

Search tasks in a workspace:

python3 scripts/kanbn_todo.py search --workspace-id <workspacePublicId> --query "bill"

Add personal notes/comments:

python3 scripts/kanbn_todo.py comment-add --card-id <cardPublicId> --comment "Waiting for invoice"

Track subtasks with checklist:

python3 scripts/kanbn_todo.py checklist-add --card-id <cardPublicId> --name "Prep"
python3 scripts/kanbn_todo.py checkitem-add --checklist-id <checklistPublicId> --title "Download invoice"
python3 scripts/kanbn_todo.py checkitem-update --item-id <checklistItemPublicId> --completed true

Update the personal profile only when the user explicitly asks:

python3 scripts/kanbn_todo.py user-update --name "New Name"

Handle missing information carefully

When the user asks for an operation but key identifiers are missing:

Discover the smallest missing context first
Prefer search when the user describes a task by text instead of card ID
Prefer boards when the missing information is board or list structure
Ask a follow-up question only after exhausting cheap discovery paths

Good examples:

User says "mark my invoice task done" -> search for invoice-related cards, identify the likely card, then move it
User says "add this to my finance board" -> resolve workspace and boards, then ask only if multiple plausible lists remain

Read references only when needed

Read references/common-workflows.md for reusable end-to-end task patterns
Read references/api-scope.md when endpoint details or scope boundaries matter
Read references/smoke-test.md after changing the script or when validating the skill against a live Kan.bn account

Respect scope

Use only single-user TODO endpoints in this skill.

Do not run collaboration, invite, import, integration, or attachment flows here.

Comments

Loading comments...