Security checks across malware telemetry and agentic risk
This appears to be a real Vikunja task-management integration, but it documents broad write/delete/sharing powers and recommends credential persistence in a way users should review carefully.
Install only if you want OpenClaw to manage real Vikunja data, including deletes, bulk edits, sharing, and membership changes. Prefer the packaged helper script over the unpinned curl-to-/usr/local/bin command, use a least-privileged Vikunja API token, store secrets in OpenClaw's secure env or a secret manager rather than ~/.bashrc, and review any delete, share, bulk update, or rights-change command before it runs.
Save `vikunja.sh` to a directory in your PATH for convenient CLI access: ```bash curl -sL https://raw.githubusercontent.com/ashanzzz/openclaw-person-skills/main/skills/vikunja-task-api/vikunja.sh \ -o /usr/local/bin/vikunja && chmod +x /usr/local/bin/vikunja ```
```bash echo 'export VIKUNJA_URL="http://your-vikunja-instance:3456"' >> ~/.bashrc echo 'export VIKUNJA_TOKEN="tk_your_token"' >> ~/.bashrc source ~/.bashrc ```
67/67 vendors flagged this skill as clean.
