Og Board Manager
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is a coherent OpenGoat task-board manager; it can create, assign, and update persistent task records, but that is disclosed and aligned with its purpose.
Before installing, make sure you want your agent to manage OpenGoat tasks, including assigning work and updating persistent task records. Confirm the correct agent ID and reportee scope, and avoid adding secrets or sensitive context to task artifacts or worklogs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can create or modify OpenGoat task records and assign work within the org hierarchy.
The skill authorizes task-board mutations and delegation actions. This is expected for a board manager, but users should notice that the agent may change task state and create work for others.
- Create tasks for yourself. - Assign tasks to your direct or indirect reportees. - Read and update task state. - Add blockers, artifacts, and worklogs.
Use it only when you want the agent to manage task-board state, and review assignees, task descriptions, and status changes for important work.
Using the wrong actor ID could cause task operations to be attempted under the wrong organizational identity if the backend permits it.
OpenGoat tool examples are parameterized with an actor ID, so correct identity selection matters for permission boundaries. The instructions do tell the user to use their own agent ID.
Important: replace `amazon-senior-manager` with your agent ID.
Confirm the agent ID and org context before creating or updating tasks, and assign only to yourself or valid reportees as the skill instructs.
Task titles, descriptions, artifacts, and worklogs may be visible to or acted on by other agents assigned through the board.
The task-create workflow sends work items to other agents through the OpenGoat board. This is central to the skill's purpose, but it is still an inter-agent communication path.
"assignedTo": "<agent-id>"
Verify the target agent before assigning work and avoid placing sensitive or unrelated data in task descriptions or artifacts.
Information or instructions placed into task artifacts/worklogs can persist and influence later review or execution.
The skill can add persistent content to task records. Persistent artifacts and worklogs may later be read as task context.
opengoat_task_add_artifact({ "actorId": "amazon-senior-manager", "taskId": "<task-id>", "content": "..." })Keep persisted task content minimal, accurate, and free of secrets or untrusted instructions unless they are clearly labeled as data.