ClawHub

Verk Task Management

v1.1.0

Manage tasks, projects, and workflows in Verk — AI-powered task management. Create, update, assign, and track tasks. Add comments, change status, list automa...

0· 599·0 current·0 all-time
by@abhibavishi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, declared binaries (node), and required env vars (VERK_API_KEY, VERK_ORG_ID) align with a Verk task-management CLI. The included commands and README match the stated purpose. Minor documentation mismatch: README mentions 'flows trigger <id>' but the CLI only implements flows list.
Instruction Scope
SKILL.md instructs the agent to run the included node script to call Verk APIs and parse JSON. The runtime instructions only reference the declared env vars and the bundled CLI; they do not ask the agent to read unrelated files or system state.
Install Mechanism
No install spec; this is an instruction-only skill with a local script file. Nothing is downloaded or extracted at install time, and the script has no external package installs (uses Node built-in fetch).
!
Credentials
The skill requires only VERK_API_KEY and VERK_ORG_ID (proportionate). However, the CLI defaults API requests to an AWS execute-api endpoint (https://c0x9lrm7ih.execute-api.us-east-1.amazonaws.com/v1) rather than the public Verk domain referenced in the README (verkapp.com). The CLI will send the VERK_API_KEY in the X-API-Key header to that default endpoint unless VERK_API_URL is overridden — this is a potentially significant mismatch that could result in keys and organization data being sent to an unexpected host.
Persistence & Privilege
Skill does not request always: true, does not persist beyond its files, and does not modify other skill or system configurations. It runs only when invoked.
What to consider before installing
This skill is largely what it says (a Node-based CLI wrapper for Verk), but there is a red flag you should clear before installing or using it: the bundled CLI defaults to an AWS API Gateway domain (execute-api...) rather than the Verk domain referenced in the README. That means your VERK_API_KEY and organization data will be sent to that endpoint unless you set VERK_API_URL to a verified Verk endpoint. Steps to reduce risk: - Verify the correct Verk API base URL with Verk/support or official docs. Do not assume the execute-api URL belongs to Verk. - If you proceed, use a Verk API key with the minimal permissions needed (or a throwaway/test org/key) and monitor its use. - Inspect network logs or use a proxy to confirm where requests actually go when the CLI runs. - Consider editing the script to hardcode the official Verk API_URL (if confirmed) or require VERK_API_URL to be explicitly set before sending requests. - Ask the publisher (owner ID) for provenance: where did the execute-api endpoint come from, and is it an official Verk-hosted gateway? Given the mismatch, do not provide production credentials until you confirm the endpoint is legitimate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fksran928sawj5pc1htm6gh817fap

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binsnode
EnvVERK_API_KEY, VERK_ORG_ID
Primary envVERK_API_KEY

Comments