AI-Driven Project Management: TensorPM

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill

The skill bundle describes an AI-powered project management application with local-first architecture. Installation instructions use standard package managers (Homebrew) or direct downloads from `tensorpm.com` and GitHub releases. The `SKILL.md` documents a local A2A agent endpoint running on `localhost:37850` without authentication, which is a common design for local services but means any local process can interact. It also details a feature to create projects from local files (`documentPath`). While these capabilities involve local network and file access, they are explicitly for the stated purpose of the application and do not show any clear evidence of intentional malicious behavior, data exfiltration, or prompt injection with harmful objectives from the skill bundle itself.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Other local tools or agents on the same machine may be able to read project data and conversation history unless optional authentication is enabled.

Why it was flagged

The documented A2A interface is unauthenticated by default and can return complete project data and message history, so any trusted local caller or local agent could access sensitive project information while TensorPM is running.

Skill content

**No authentication required** — A2A runs on localhost only, all local requests are trusted. ... `GET /projects/:id` | Get complete project data ... `GET /projects/:id/contexts/:ctxId/messages` | Get message history

Recommendation

Enable `A2A_HTTP_AUTH_TOKEN` before using A2A, run TensorPM only with trusted local agents, and avoid storing sensitive projects unless you are comfortable with the local access model.

What this means

An agent with access to the local endpoint could alter project-management data or switch workspaces in ways the user did not intend.

Why it was flagged

The A2A REST surface includes mutation operations for projects, action items, and active workspaces, but the artifact does not describe confirmation, rollback, or scoped approval for those changes.

Skill content

`POST /projects` | Create a new project ... `POST /projects/:id/action-items` | Create action items ... `PATCH /projects/:id/action-items/:itemId` | Update an action item ... `POST /workspaces/:id/activate` | Switch to a different workspace

Recommendation

Treat create/update/switch operations as high-impact actions, require explicit user confirmation in workflows, and prefer token-protected A2A access.

What this means

Supplying provider keys lets TensorPM use the selected AI accounts and may incur provider usage or billing.

Why it was flagged

The skill asks users to provide AI provider API keys. That is expected for the stated AI-provider integration and is disclosed as write-only storage, but the keys still grant account/billing access to those providers.

Skill content

Use the `set_api_key` tool to configure AI providers directly from your AI client: ... provider: "openai" ... api_key: "sk-..." ... Keys are securely stored in TensorPM. Write-only - keys cannot be read back.

Recommendation

Use provider keys with the minimum needed scope where possible, monitor provider usage, and rotate keys if you later stop trusting the app or the local environment.

What this means

Installing the skill effectively requires trusting the TensorPM desktop app and its release/update channel.

Why it was flagged

The skill depends on installing an external desktop application from vendor/GitHub download channels; the registry artifact itself contains no app code to inspect.

Skill content

brew tap neo552/tensorpm ... brew install --cask tensorpm ... curl -fsSL https://tensorpm.com/download/linux -o ~/TensorPM.AppImage ... Direct Downloads ... TensorPM-Setup.exe ... TensorPM-macOS.dmg ... TensorPM-Linux.AppImage

Recommendation

Download only from the official links, verify platform signing/notarization where available, and review the installed MCP/A2A configuration before use.

What this means

Sensitive project instructions or mistaken agent outputs may remain in TensorPM history and influence later conversations.

Why it was flagged

The app maintains project conversation contexts and message history, which is expected for project management but means prior content can persist and be reused.

Skill content

Continue a conversation by passing `contextId` ... `GET /projects/:id/contexts` | List conversations ... `GET /projects/:id/contexts/:ctxId/messages` | Get message history

Recommendation

Review what is stored in project contexts, avoid placing secrets in conversations, and use any available retention or deletion controls for sensitive projects.