Vikunja-complete

Review

Audited by ClawScan on May 1, 2026.

Overview

The artifacts are coherent with a Vikunja automation CLI and show no hidden malicious behavior, but the skill can make persistent account changes when invoked.

Before installing, confirm that VIKUNJA_URL points to the intended server, use a least-privilege Vikunja token, review any bulk/delete/token/webhook/attachment commands before execution, and run the smoke test only in a test workspace because it creates and modifies Vikunja data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the supplied token has broad permissions, the skill can perform broad Vikunja account actions, including creating or deleting API tokens.

Why it was flagged

The skill uses a Vikunja bearer token and includes API-token management commands. This is disclosed and fits the integration, but it gives the skill whatever account authority the supplied token has.

Skill content

export VIKUNJA_TOKEN="<api-or-jwt-token>" ... vikunja.sh tokens create ... tokens delete

Recommendation

Use a least-privilege Vikunja token, avoid administrator-wide tokens unless necessary, and require explicit approval before token-management commands.

What this means

An incorrect invocation could update multiple tasks or delete comments, attachments, filters, webhooks, or tokens.

Why it was flagged

The documented CLI supports bulk changes and deletion actions. They are visible, purpose-aligned command examples, but mistakes could change or remove Vikunja data.

Skill content

bulk-update --ids 101,102,103 ... comments delete ... attachments delete ... filters delete

Recommendation

Review generated commands before running them, especially bulk-update and delete operations, and list or verify target IDs first.

What this means

Task event data may be delivered to the configured webhook endpoint after the webhook is created.

Why it was flagged

The skill can configure Vikunja webhooks that send future task/project events to a URL. This is a normal integration feature, but it creates a persistent external data flow.

Skill content

webhooks create --project "Inbox" --target-url "http://localhost:8787/hook" --event task.created --event task.updated

Recommendation

Only create webhooks to endpoints you control or trust, and remove webhooks that are no longer needed.