Comment On Task

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is narrowly aimed at OpenAnt task comments, but it lets the agent post authenticated comments without asking for confirmation.

Before installing, consider whether you are comfortable with the agent posting OpenAnt task comments without asking each time. If you use it, confirm the target task and review important comment text yourself.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could post a task comment visible to the creator or worker before the user reviews the wording or approves the communication.

Why it was flagged

This instructs the agent to perform an external account-mutating communication action without user confirmation.

Skill content

Adding comments is a **routine operation** — execute immediately for progress updates, questions, and acknowledgments. No confirmation needed.

Recommendation

Require user confirmation before adding comments, especially when the user did not explicitly provide the exact comment text.

What this means

Actions may be performed as the authenticated OpenAnt user, so comments can be attributed to that account.

Why it was flagged

The skill depends on authenticated OpenAnt account access to read or add comments, even though no primary credential is declared in the registry metadata.

Skill content

"Authentication required" — Use the `authenticate-openant` skill

Recommendation

Use this only with the intended OpenAnt account and verify which task is being read or commented on.

What this means

A future change to the CLI package could alter behavior without any change to this skill file.

Why it was flagged

The skill executes an unpinned `@latest` npm CLI at runtime; this is purpose-aligned but means the executed code can change over time.

Skill content

npx @openant-ai/cli@latest tasks comment <taskId> --content "..." --json

Recommendation

Prefer a pinned CLI version or a reviewed installation path when possible.