Task
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may add, complete, or otherwise modify task records when the user asks it to, and explicit /task commands are passed through to the tasker tool.
The skill deliberately exposes a raw argument interface to the tasker tool. This is central to its task-management purpose, but users should understand that explicit commands can invoke the underlying tool directly.
command-tool: tasker_cmd command-arg-mode: raw ... For `/task ...`, pass the args through unchanged.
Use this only with a trusted tasker_cmd tool and review explicit /task commands before asking for destructive or bulk changes.
The safety of task execution depends partly on the separately installed tasker_cmd plugin and tasker CLI.
The included skill is instruction-only and depends on an external plugin tool and CLI that are not included in the reviewed artifacts. This is disclosed and purpose-aligned, but provenance of those external components matters.
It expects: - plugin tool `tasker_cmd` allowlisted (recommended) - `tasker` CLI available via plugin `binary` config, `TASKER_BIN`, or PATH
Verify the source and configuration of tasker_cmd and the tasker binary before allowlisting the tool.
Private task details or notes may be saved and later shown in task views or chat-friendly output.
The skill stores and retrieves task text, captured items, and notes in a persistent docstore. That is expected for task management, but the stored content may contain private work or personal information.
Tasker docstore task management... `capture "<text>" --format telegram` ... `note add <selector...> -- <text...>`
Avoid storing secrets in tasks or notes, and review outputs before sharing them into chat channels.