Create Task

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill’s purpose is clear, but it grants broad wallet CLI access for crypto-funded tasks and runs an unpinned remote CLI, so users should review it carefully before use.

Install only if you trust the OpenAnt CLI and are comfortable letting the agent prepare OpenAnt task and escrow commands. Before approving any funded task, verify the wallet, chain, token, amount, title, description, and whether the task will be public. Prefer draft creation with `--no-fund` until you are ready to fund.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the OpenAnt CLI exposes wallet actions beyond balance checks, the agent would have tool permission to attempt them, not just check balances.

Why it was flagged

The instructions only describe using `wallet balance`, but the tool grant allows any `wallet` subcommand pattern. For a crypto-wallet workflow, that is broader than the documented need.

Skill content

allowed-tools: [... "Bash(npx @openant-ai/cli@latest wallet *)"]

Recommendation

Restrict the allowed wallet command to the specific balance check needed, and require explicit user confirmation for any wallet or funding action.

What this means

Using the skill can commit funds from the user’s wallet into an escrow transaction.

Why it was flagged

The skill uses authenticated account and wallet authority to create funded bounties. This is purpose-aligned, but it is financially sensitive.

Skill content

Creating with funding ... signs and sends an on-chain escrow transaction.

Recommendation

Confirm the account, chain, token, reward amount, and task details before approving any funded task or `tasks fund` command.

What this means

Behavior could change if the latest npm package changes after the skill is reviewed.

Why it was flagged

The skill executes the latest published CLI package at runtime. This is central to the skill’s purpose, but the exact code version is not pinned in the artifact.

Skill content

Use the `npx @openant-ai/cli@latest` CLI

Recommendation

Prefer a pinned CLI version for repeatable behavior, especially before approving crypto transactions.

What this means

Task descriptions shared for AI parsing may leave the local chat environment and be processed by OpenAnt’s service.

Why it was flagged

The AI-parse feature sends the user’s task description to the OpenAnt CLI/provider flow for parsing. This is disclosed and purpose-aligned, but the prompt may contain private project details.

Skill content

npx @openant-ai/cli@latest tasks ai-parse --prompt "I need someone to review my Solana program..." --json

Recommendation

Avoid including secrets, private keys, unreleased code details, or confidential business information in AI-parse prompts unless you trust the provider.