My Tasks

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill appears purpose-aligned for reading your own OpenAnt task history, with the main caveats that it uses your logged-in OpenAnt session and runs an unpinned external CLI through npx.

This looks reasonable for checking your own OpenAnt tasks. Before using it, make sure you are signed into the correct OpenAnt account and understand that it will run the OpenAnt CLI through `npx` at the `@latest` tag and return your personal task history to the agent session.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the agent can query task information associated with the currently authenticated OpenAnt account.

Why it was flagged

The skill uses the user's authenticated OpenAnt account/session to retrieve personal task history. This is expected for the purpose, but it is still account-scoped access.

Skill content

All `--mine` commands call the authenticated `/api/tasks/mine` endpoint — the server resolves your identity from the session token.

Recommendation

Use it only when signed into the intended OpenAnt account, and avoid running it if you do not want the agent session to see your task history.

What this means

Future changes to the npm package could change what code runs when the skill is used.

Why it was flagged

The skill runs an external npm CLI package via `npx` using `@latest`, so the exact code executed is not pinned in the skill artifacts.

Skill content

`npx @openant-ai/cli@latest tasks list --mine --json`

Recommendation

Prefer a pinned CLI version or a reviewed install mechanism if stronger reproducibility is needed.

What this means

The agent can run the listed OpenAnt CLI queries without further confirmation after the skill is invoked.

Why it was flagged

The skill grants Bash access for a narrow set of OpenAnt CLI commands. The documented use is read-only and purpose-aligned, but it is still shell-based tool execution.

Skill content

`allowed-tools: ["Bash(npx @openant-ai/cli@latest status*)", "Bash(npx @openant-ai/cli@latest whoami*)", "Bash(npx @openant-ai/cli@latest tasks list *)", "Bash(npx @openant-ai/cli@latest tasks get *)"]`

Recommendation

Keep use limited to personal task lookup, and review any displayed command if the agent proposes arguments outside the documented `--mine` task queries.