ClawHub

项目中枢 / Project Nerve

v1.1.0

项目中枢 — 跨平台项目管理聚合器,统一管理 Trello、GitHub Issues、Linear、Notion、Obsidian 任务,支持自学习引擎和任务关系图谱

0· 107·0 current·0 all-time
byJun Zhang@hanjing5024064
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: scripts implement connectors, aggregation, graph, learning engine and writers for the listed platforms. The optional environment variables (Trello/GitHub/Linear/Notion/Obsidian) directly relate to the declared purpose.
Instruction Scope
SKILL.md instructs the agent to run the included Python scripts which: call the listed platform APIs over HTTPS, read/write local data files under ~/.openclaw-bdi/project-nerve (or PNC_DATA_DIR), and — if Obsidian is connected — scan .md files in the user-specified vault path. The doc explicitly tells the agent not to solicit tokens in chat, but the CLI helpers accept --data JSON which could include credentials if misused; operator should avoid pasting secrets into chat or untrusted command inputs.
Install Mechanism
No install spec; this is an instruction + bundled code skill. There are no remote downloads or installers in the bundle. All code is local and will only be executed when the agent runs the provided scripts.
Credentials
Environment variables are optional and appropriate for the platforms supported. No unrelated credentials are requested. The skill creates and reads files in a data directory under the user's home (configurable via PNC_DATA_DIR). Be aware connecting Obsidian requires a filesystem path, which grants the skill read access to files under that path.
Persistence & Privilege
always:false and no indication the skill modifies other skills or system-wide agent settings. It persists its own data (sources.json, tasks_cache.json, learning.json, task_graph.json) under the user's data directory, which is expected for local stateful tools.
Assessment
This skill appears to do what it claims, but review and follow these precautions before installing: (1) Only provide platform tokens via environment variables (PNC_*), not in chat; avoid pasting secrets into --data JSON or messages. (2) If you connect Obsidian, the skill will read .md files under the provided vault path — only point it at a vault you trust it to scan. (3) Check and, if desired, set PNC_DATA_DIR to control where files are written (default is ~/.openclaw-bdi/project-nerve). (4) Use least-privilege tokens (scoped GitHub PAT, minimal Notion integration permissions, etc.). (5) Because this skill runs local Python scripts, review code (already included) if you require absolute assurance; the provided files show no hidden network endpoints or obfuscated exfiltration. If you want extra certainty, provide the omitted file sections for a complete review.

Like a lobster shell, security has layers — review code before you run it.

automationvk971s3txmb1txwc263p4mf8vvh8374y1cross-platformvk971s3txmb1txwc263p4mf8vvh8374y1latestvk971s3txmb1txwc263p4mf8vvh8374y1obsidianvk971s3txmb1txwc263p4mf8vvh8374y1project-managementvk971s3txmb1txwc263p4mf8vvh8374y1task-trackingvk971s3txmb1txwc263p4mf8vvh8374y1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments