AI-Driven Project Management: TensorPM

Review

Audited by ClawScan on May 10, 2026.

Overview

TensorPM appears purpose-aligned, but its local agent endpoint is unauthenticated by default and can read or change project data while the app is running.

Install only if you trust the TensorPM desktop app and its release channel. Before enabling A2A, consider setting `A2A_HTTP_AUTH_TOKEN`, run TensorPM only alongside trusted local agents, and treat project mutations and provider API-key setup as sensitive actions requiring review.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Other local tools or agents on the same machine may be able to read project data and conversation history unless optional authentication is enabled.

Why it was flagged

The documented A2A interface is unauthenticated by default and can return complete project data and message history, so any local caller or local agent, all of which the endpoint trusts, could access sensitive project information while TensorPM is running.

Skill content

**No authentication required** — A2A runs on localhost only, all local requests are trusted. ... `GET /projects/:id` | Get complete project data ... `GET /projects/:id/contexts/:ctxId/messages` | Get message history

Recommendation

Enable `A2A_HTTP_AUTH_TOKEN` before using A2A, run TensorPM only with trusted local agents, and avoid storing sensitive projects unless you are comfortable with the local access model.

What this means

An agent with access to the local endpoint could alter project-management data or switch workspaces in ways the user did not intend.

Why it was flagged

The A2A REST surface includes mutation operations for projects, action items, and active workspaces, but the artifact does not describe confirmation, rollback, or scoped approval for those changes.

Skill content

`POST /projects` | Create a new project ... `POST /projects/:id/action-items` | Create action items ... `PATCH /projects/:id/action-items/:itemId` | Update an action item ... `POST /workspaces/:id/activate` | Switch to a different workspace

Recommendation

Treat create/update/switch operations as high-impact actions, require explicit user confirmation in workflows, and prefer token-protected A2A access.

What this means

Supplying provider keys lets TensorPM use the selected AI accounts and may incur provider usage or billing.

Why it was flagged

The skill asks users to provide AI provider API keys. That is expected for the stated AI-provider integration and is disclosed as write-only storage, but the keys still grant account/billing access to those providers.

Skill content

Use the `set_api_key` tool to configure AI providers directly from your AI client: ... provider: "openai" ... api_key: "sk-..." ... Keys are securely stored in TensorPM. Write-only - keys cannot be read back.

Recommendation

Use provider keys with the minimum needed scope where possible, monitor provider usage, and rotate keys if you later stop trusting the app or the local environment.

What this means

Installing the skill effectively requires trusting the TensorPM desktop app and its release/update channel.

Why it was flagged

The skill depends on installing an external desktop application from vendor/GitHub download channels; the registry artifact itself contains no app code to inspect.

Skill content

brew tap neo552/tensorpm ... brew install --cask tensorpm ... curl -fsSL https://tensorpm.com/download/linux -o ~/TensorPM.AppImage ... Direct Downloads ... TensorPM-Setup.exe ... TensorPM-macOS.dmg ... TensorPM-Linux.AppImage

Recommendation

Download only from the official links, verify platform signing/notarization where available, and review the installed MCP/A2A configuration before use.

What this means

Sensitive project instructions or mistaken agent outputs may remain in TensorPM history and influence later conversations.

Why it was flagged

The app maintains project conversation contexts and message history, which is expected for project management but means prior content can persist and be reused.

Skill content

Continue a conversation by passing `contextId` ... `GET /projects/:id/contexts` | List conversations ... `GET /projects/:id/contexts/:ctxId/messages` | Get message history

Recommendation

Review what is stored in project contexts, avoid placing secrets in conversations, and use any available retention or deletion controls for sensitive projects.