ClawHub

taskwarrior

v0.1.3

Workspace-local task management powered by Taskwarrior. Add, organize, and track tasks by project, tags, due dates, and priority with all data stored inside...

1· 734·2 current·2 all-time
byAli Aghareza@aghareza
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the requested artifact: the skill requires the 'task' (Taskwarrior) binary and performs only Taskwarrior operations scoped to the active workspace. Requested binaries and declared capabilities are proportional to the stated task-management purpose.
Instruction Scope
SKILL.md instructs only Taskwarrior commands and workspace-local file operations (creating .openclaw/taskwarrior/, writing a taskrc there, using TASKRC/TASKDATA env vars). It does not read unrelated system files or exfiltrate data to external endpoints. It explicitly forbids writing global ~/.task unless explicitly requested.
Install Mechanism
No bundled code is present; install metadata references package managers (brew/apt) which is reasonable for obtaining the Taskwarrior binary. The skill itself states it will not perform runtime installs. This is coherent for a CLI-wrapper skill, though there is a small metadata mismatch (SKILL.md metadata includes apt and brew, while registry install spec lists only brew) — a minor documentation inconsistency, not a security issue.
Credentials
The skill requires no credentials or sensitive environment variables. It optionally reads standard workspace-related env vars (OPENCLAW_WORKSPACE, WORKSPACE, PROJECT_DIR, REPO_ROOT) to resolve the workspace root — reasonable and scoped. No unexpected secrets or unrelated services are requested.
Persistence & Privilege
always:false and no modifications to other skills or system-wide settings. The skill writes only to the workspace-scoped .openclaw/taskwarrior/ area (its own data), which is appropriate for a task-management skill. Autonomous invocation is the platform default but is not in itself a red flag here.
Assessment
This skill is a thin wrapper around the Taskwarrior CLI and appears to be what it claims: it requires the 'task' binary and will store all data under <workspace>/.openclaw/taskwarrior/. Before installing/use: 1) Ensure you trust the environment image (that 'task' is the official Taskwarrior binary). 2) Confirm you are comfortable with the skill writing task state into the workspace directory (it will not touch your global ~/.task or ~/.taskrc unless you explicitly ask). 3) If you do not want the agent to perform writes autonomously, consider restricting autonomous invocation or making the skill user-invocable only. 4) Note the small metadata mismatch around install options (apt vs brew) — confirm your runtime provides Taskwarrior rather than relying on the skill to install it.

Like a lobster shell, security has layers — review code before you run it.

latestvk977w5h5n2tymjxb728q5c9tm581e34f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binstask

Install

Homebrew
Bins: task

Comments