duely
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent local task-tracking CLI wrapper, with minor notes around trusting the Homebrew tap and managing locally stored task history.
This appears reasonable for tracking recurring chores from the command line. Before installing, make sure you trust the Homebrew tap. If you let an agent or cron job use it, keep sensitive or high-impact maintenance tasks under explicit approval, and do not store secrets in duely task names or notes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill requires trusting the Homebrew formula that provides the duely command.
The skill depends on installing an external CLI binary from a Homebrew tap. This is expected for the stated CLI purpose, but it means the user must trust that package source.
brew | formula: halbotley/tap/duely | creates binaries: duely
Verify the Homebrew tap and publisher before installing, especially because the registry lists no homepage.
Recurring task names, notes, and history may persist locally and influence later agent checks.
The skill keeps persistent local task and log data. This is central to the product, but task names, notes, and logs may be reused in future agent sessions.
Execution log — Know when things last ran ... Data stored locally in `~/.duely/`
Avoid putting secrets or prompt-like instructions in task names or notes, and periodically review the ~/.duely/ data if agents use it.
If connected to automated agent heartbeats or cron, the agent could repeatedly check tasks and may try to perform due work unless the user sets limits.
The documentation suggests recurring agent checks and broadly says to act on due tasks. This is purpose-aligned, but it should be bounded by the user's intended maintenance workflow.
duely works well with agent heartbeats or cron-triggered checks: ... # Check for due tasks and act on them
Use explicit approval rules for high-impact tasks such as backups, account maintenance, or system changes before marking them complete.