Asana Remote Mcp
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is purpose-aligned for Asana, but it can use an OAuth-connected Asana account to read and change tasks, projects, and workspace data.
This skill appears coherent and not malicious. Install it only if you want the agent to access your Asana workspace through the connected OAuth account, and pay attention before approving task or project changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could make unwanted changes in Asana, such as creating tasks, changing due dates, completing tasks, or adding followers.
The skill exposes tools that can mutate Asana tasks, projects, and followers. This is consistent with the stated Asana management purpose, and the workflow says to confirm before creating, moving, or completing tasks.
`create_task` — create a new task... `update_task` — update task fields... `create_project` — create a new project... `add_followers_to_task` — add followers
Use it only when you want the agent to manage Asana, and review confirmations before allowing task or project changes.
The agent can act through the connected Asana account within whatever permissions the Asana MCP token allows.
The skill depends on an OAuth token for the user's Asana account. This is expected for the integration and is disclosed, but it grants delegated access to account data and actions.
The OAuth token is injected automatically via `$env:ASANA_MCP_OAUTH_TOKEN` when the user has connected their Asana account through Maverick.
Connect only the intended Asana account/workspace and revoke or reconnect access in Maverick or Asana settings if you no longer want the skill to use it.
Asana task, project, profile, and workspace information may be sent to or returned from the hosted MCP service during use.
Asana data and requests are routed through a remote MCP endpoint. This is disclosed and purpose-aligned, but users should be aware that task and workspace content may be handled through that provider flow.
Use Asana through `mcporter` backed by the official hosted MCP at `https://mcp.asana.com/v2/mcp`.
Avoid using the skill for Asana content you do not want processed through the remote MCP integration, and confirm the connected account is appropriate.