Taskr - Persistent Task Planning & Execution for AI Agents

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: taskr
Version: 1.1.1

The 'taskr' skill is a cloud-based task management integration for OpenClaw agents, designed to provide persistent task hierarchies and audit trails that survive session resets. The skill's instructions (SKILL.md) guide the agent to use the taskr.one service via the Model Context Protocol (MCP), requiring an API key and project ID. While the skill encourages the agent to upload project context and progress notes to an external endpoint, this behavior is transparently documented and essential to its stated purpose of cross-agent and cross-session continuity. No evidence of malicious intent, unauthorized data exfiltration, or hidden execution was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Project details, preferences, and task notes may persist beyond the current conversation and be reused later.

Why it was flagged

The skill intentionally stores task state and notes outside the current chat, so that information can influence later sessions or agents.

Skill content

Persistent context — tasks, notes, and status survive session resets and context compaction

Recommendation

Do not put secrets, credentials, private customer data, or sensitive internal details into Taskr notes unless you intend them to be stored in the Taskr project.

What this means

Another agent using the same Taskr project may continue work based on prior notes or task state, including any mistakes or sensitive details stored there.

Why it was flagged

The skill is designed for handoff through shared cloud state, which means other authorized agents may read and act on the same task context.

Skill content

Cross-agent continuity — any agent can pick up any task list from anywhere; `get_task` transfers ownership automatically

Recommendation

Use separate projects or scoped credentials for different users, teams, or sensitivity levels, and review task notes before relying on them for handoff.

What this means

Anyone or any agent with this credential may be able to access or modify the associated Taskr project state.

Why it was flagged

The skill requires a user API key and project identifier to operate against the Taskr service.

Skill content

"requires":{"env":["MCP_API_URL","MCP_USER_API_KEY","MCP_PROJECT_ID"]},"primaryEnv":"MCP_USER_API_KEY"

Recommendation

Use the least-privileged Taskr API key available, keep it out of task notes and chat logs, and rotate it if it may have been exposed.

What this means

Users have less provenance information for deciding whether to trust the external Taskr service and its credential handling.

Why it was flagged

The registry information does not identify a source repository or package provenance, even though the skill connects to an external cloud service.

Skill content

Source: unknown

Recommendation

Verify the publisher, homepage, and service documentation before installing and before providing an API key.