Verk Task Management
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is consistent with a Verk task-management integration, but it requires a Verk API key and can change or delete tasks, so users should use a scoped key and review destructive actions.
Before installing, verify that you trust this Verk skill and its API endpoint, then provide a scoped Verk API key with only the permissions you need. Be careful with update and delete requests, and confirm the exact task ID before allowing destructive changes.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Someone with access to the configured API key could perform Verk actions allowed by that key, including task changes in the selected organization.
The skill sends the user's Verk API key to the configured API endpoint for organization-scoped operations. This is necessary for the stated purpose, but the key grants account authority.
const API_BASE = process.env.VERK_API_URL || 'https://c0x9lrm7ih.execute-api.us-east-1.amazonaws.com/v1'; ... 'X-API-Key': API_KEY
Use a least-privilege, revocable Verk API key; keep it out of shared logs or shell histories; and verify any VERK_API_URL override before use.
A mistaken natural-language request or wrong task ID could update or delete the wrong Verk task.
The skill exposes create, update, comment, and delete operations. These are purpose-aligned, but task deletion or incorrect updates can affect business workflow data.
When asked to delete or remove a task, use `tasks delete <taskId>`.
Confirm task IDs and intended changes before destructive or high-impact actions, especially deletions.