Shortcut
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with managing Shortcut boards, but it should be reviewed because it can modify/delete workspace content and sources a generated config file as shell code.
Install only if you are comfortable letting the agent read and modify Shortcut stories using your API token. Before use, review the scripts, avoid sourcing generated config from ~/.bashrc, keep the token file permission-restricted, and confirm any update or delete action before the agent runs it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A description copied from untrusted text or containing special characters could cause the story update to fail or change more than intended.
The description argument is inserted directly into JSON instead of being escaped with jq, as the other scripts do. User-supplied text containing quotes or JSON syntax could produce malformed payloads or unintended fields in a Shortcut update request.
```bash
UPDATES+=("\"description\": \"$2\"")
...
PAYLOAD="{$(IFS=,; echo "${UPDATES[*]}")}"
```
Build all JSON payloads with jq or another JSON-safe encoder, and have the agent confirm status-changing updates before sending them.
If the workflow-states file is tampered with or generated with unsafe content, running the update script could run unintended commands on the user's machine.
The script executes the contents of a configuration file as shell code. That file is generated from Shortcut workflow data and can also be edited locally, so a poisoned or malformed file could execute unintended shell commands when updating a story.
```bash
if [ -f ~/.config/shortcut/workflow-states ]; then
    source ~/.config/shortcut/workflow-states
else
```
Store workflow IDs as data rather than shell code, validate state names, and load values by parsing a safe format such as JSON or key=value with strict variable-name checks.
The token and workflow-state loading may persist across terminal sessions, increasing the impact if the local config file or shell environment is later exposed or modified.
The persistence is disclosed and related to setup, but it places the API token and a sourced shell config into the user's shell startup environment.
Optionally add to `~/.bashrc` for persistence:
```bash
export SHORTCUT_API_TOKEN=$(cat ~/.config/shortcut/api-token 2>/dev/null | tr -d '\n')
source ~/.config/shortcut/workflow-states
```
Avoid putting long-lived API tokens in shell startup files when possible; prefer a protected config file and do not source generated files from ~/.bashrc.
Anyone or any agent action with access to this token can perform Shortcut operations allowed by that token.
The skill uses a Shortcut API token to act on the user's workspace. This is expected for the stated purpose, but the registry metadata lists no required env vars and no primary credential.
Shortcut API token configured via one of:
- Environment variable: `SHORTCUT_API_TOKEN`
- File: `~/.config/shortcut/api-token`
Use the least-privileged Shortcut token available, store it with restrictive permissions, and review agent requests before write or delete operations.
The agent can delete checklist tasks or comments from Shortcut stories if it is instructed or mis-invokes the scripts.
The delete operations are disclosed and purpose-aligned, but they can remove Shortcut workspace content when invoked with valid IDs.
**Delete a task:**
```bash
scripts/shortcut-delete-task.sh <story-id> <task-id>
```
...
**Delete a comment:**
```bash
scripts/shortcut-delete-comment.sh <story-id> <comment-id>
```
Require explicit user confirmation for delete operations and verify the story/task/comment IDs before running them.
