ClawHub

Asana (PAT)

v0.2.0

Manage Asana tasks, projects, briefs, status updates, custom fields, dependencies, attachments, events, and timelines via Personal Access Token (PAT).

3· 2.1k·4 current·4 all-time
by@l-u-c-k-y
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and README: the script calls the Asana REST API using a PAT and implements task/project workflows. Minor mismatch: the registry metadata lists no required binaries, but the CLI requires Node.js 18+ (documented in README/AGENTS.md). This is a documentation/manifest omission rather than functional misalignment.
Instruction Scope
SKILL.md instructs the agent to run the included Node CLI and to provide an ASANA_PAT; it documents local config storage and sandbox behavior. The runtime instructions do not ask the agent to read unrelated system secrets or contact third-party endpoints outside Asana.
Install Mechanism
There is no install spec (instruction-only published skill) and the repository includes a single dependency-free script. No downloads or external installers are used.
Credentials
Declared required env is ASANA_PAT (primary credential) which is appropriate. The code also checks/uses related env vars (ASANA_TOKEN as an alternative, ASANA_CONFIG_PATH, ASANA_DEFAULT_WORKSPACE) that are not listed in requires.env — this is a small transparency issue but each is reasonable for optional configuration.
Persistence & Privilege
always:false and the skill writes a local config file under the user's home (~/.openclaw/skills/asana.json) for convenience. This is expected for a CLI that maintains defaults/context; it does not modify other skills or system-wide settings.
Assessment
This skill appears coherent and implements a standard Asana CLI that uses a Personal Access Token. Before installing: (1) ensure your agent environment provides Node.js 18+ (the manifest doesn’t declare the node binary requirement, but README/AGENTS.md do); (2) provide a dedicated Asana PAT (ASANA_PAT) and avoid reusing high-privilege tokens; (3) note the skill may create a local config at ~/.openclaw/skills/asana.json or the path set by ASANA_CONFIG_PATH — don't store secrets there if you don’t want them persisted; (4) the code also accepts ASANA_TOKEN, ASANA_DEFAULT_WORKSPACE, and ASANA_CONFIG_PATH as optional env vars (these are not listed in the registry metadata), so be mindful if you expose additional env values to the agent; and (5) if you need stronger isolation, run the skill in a sandboxed agent and/or use a short-lived PAT that you can revoke.

Like a lobster shell, security has layers — review code before you run it.

latestvk9776jpbyemdefz4zhymznenps80b0qs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvASANA_PAT
Primary envASANA_PAT

Comments