Taskline Integration
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent MyTaskline task-management integration, but it requires a full-access task API key and can create or update tasks, projects, and people in your account.
Install this only if you trust MyTaskline.com and the skill package with your task data. Protect the API key in references/config.json, use a scoped or dedicated key if available, avoid putting secrets into task descriptions, and review complex natural-language commands before allowing the agent to create or update items.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with access to the configured key can read and change your MyTaskline tasks.
The skill requires a personal MyTaskline API key with full task access. This is expected for the integration, but it is a sensitive credential and the registry metadata does not declare a primary credential.
Your API key provides full access to your tasks. Keep it private and never share it.
Use a dedicated or scoped API key if MyTaskline supports it, store references/config.json securely, and rotate the key if it may have been exposed.
A loosely worded request could create extra projects or people entries in your MyTaskline account.
The skill can automatically create projects and people records from parsed natural-language text. This is disclosed and purpose-aligned, but it is account mutation without a separate confirmation step shown in the artifacts.
print(f"📁 Creating new project: {project_name}") ... return api_request("POST", "projects", { ... }) ... print(f"👤 Creating new person: {name}") ... return api_request("POST", "people", { ... })Review natural-language commands before sending them, especially when naming projects or people, and check the MyTaskline dashboard after complex requests.
Information you put into task requests may be stored by MyTaskline.com.
Task titles, descriptions, priorities, and due dates are sent to the configured MyTaskline API. This provider data flow is central to the skill and is disclosed, but it can include private work or personal information.
response = requests.post(f"{config['baseUrl']}/tasks", json=payload, headers=headers)Avoid putting secrets, credentials, or highly sensitive private details into task text unless you are comfortable storing them in MyTaskline.
Dependency installation may vary by environment and could be affected by local Python package configuration.
The setup documentation relies on installing the Python requests package without a pinned version, while the registry install spec is otherwise empty. This is common for a small Python integration, but users should install dependencies from a trusted environment.
Module not found: requests ... Install with `pip install requests`
Install dependencies from the official Python package index or a trusted mirror, preferably in a virtual environment.