Cognary Tasks is an AI-first task manager that turns your spoken thoughts into organized, actionable tasks instantly. Just speak naturally, and Cognary uses AI to prioritize, structure, and manage your to-dos for you. Less effort, more focus — productivity built for the AI era.
PassAudited by ClawScan on May 1, 2026.
Overview
This task-manager skill is coherent and purpose-aligned, but users should notice that it installs a third-party CLI, uses an API key, and can change or delete tasks.
Before installing, verify the cognary-cli package source, configure the API key carefully, and make sure the agent confirms the exact task before updating or deleting anything.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI adds executable code to the user’s environment; a compromised or impersonated package could affect the user account running it.
The skill tells the user to install a global npm CLI package without a pinned version. This is consistent with the skill’s purpose, but users must trust the package source and publisher.
If `cognary-cli` is not installed, install it first: ```bash npm install -g cognary-cli ```
Verify the npm package and publisher before installing, prefer a pinned version if available, and install with the least privileges necessary.
Anyone with the API key may be able to access or modify the user’s Cognary tasks according to the key’s permissions.
The skill requires an API key for the Cognary task service. That is expected for managing a user’s task account, but the key is sensitive credential material.
The `COGNARY_API_KEY` env var must be set. If calls fail with an auth error... Then provide the key so it can be configured
Use a dedicated or least-privileged API key if possible, avoid sharing it in unrelated chats or files, and rotate it if it may have been exposed.
A mistaken command or ambiguous user request could update, complete, or delete the wrong task.
The documented CLI operations include actions that modify or delete task data. These actions are aligned with a task-manager skill, but they can affect user records.
Use for listing, adding, updating, completing, uncompleting, and deleting tasks.
For updates and deletions, confirm the intended task ID and action before running the command, especially when multiple tasks have similar names.