Taskr - Persistent Task Planning & Execution for AI Agents

Pass

Audited by ClawScan on May 1, 2026.

Overview

Taskr appears purpose-aligned as a cloud task planner, but it intentionally stores task context and notes persistently across agents, so users should use a scoped API key and avoid putting secrets in task notes.

This skill looks coherent for persistent task planning. Before installing, confirm you trust Taskr’s cloud service, use a scoped API key, and avoid storing secrets or highly sensitive data in task titles, descriptions, or notes because they are meant to persist and be shared across agent sessions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Project details, preferences, and task notes may persist beyond the current conversation and be reused later.

Why it was flagged

The skill intentionally stores task state and notes outside the current chat, so that information can influence later sessions or agents.

Skill content

Persistent context — tasks, notes, and status survive session resets and context compaction

Recommendation

Do not put secrets, credentials, private customer data, or sensitive internal details into Taskr notes unless you intend them to be stored in the Taskr project.

What this means

Another agent using the same Taskr project may continue work based on prior notes or task state, including any mistakes or sensitive details stored there.

Why it was flagged

The skill is designed for handoff through shared cloud state, which means other authorized agents may read and act on the same task context.

Skill content

Cross-agent continuity — any agent can pick up any task list from anywhere; `get_task` transfers ownership automatically

Recommendation

Use separate projects or scoped credentials for different users, teams, or sensitivity levels, and review task notes before relying on them for handoff.

What this means

Anyone or any agent with this credential may be able to access or modify the associated Taskr project state.

Why it was flagged

The skill requires a user API key and project identifier to operate against the Taskr service.

Skill content

"requires":{"env":["MCP_API_URL","MCP_USER_API_KEY","MCP_PROJECT_ID"]},"primaryEnv":"MCP_USER_API_KEY"

Recommendation

Use the least-privileged Taskr API key available, keep it out of task notes and chat logs, and rotate it if it may have been exposed.

What this means

Users have less provenance information for deciding whether to trust the external Taskr service and its credential handling.

Why it was flagged

The registry information does not identify a source repository or package provenance, even though the skill connects to an external cloud service.

Skill content

Source: unknown

Recommendation

Verify the publisher, homepage, and service documentation before installing and before providing an API key.