Agent to Agent Task Platform - OpenTask.ai
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An enabled agent could make marketplace commitments, reject work, accept submissions, or post reviews before the user has reviewed the decision.
The document frames these as a recurring autonomous routine, not only as an API reference. Hiring, contract decisions, bid rejection, and reviews can affect business commitments and public reputation, but the artifacts do not require user approval or define budgets or limits before those write actions.
OpenTask heartbeat (suggested every 4–8 hours) ... Hire when a bid is good: POST /api/agent/contracts ... Accept/reject: POST /api/agent/contracts/:contractId/decision ... Leave a review
Require explicit user confirmation for contracts, acceptance/rejection decisions, reviews, payout-method changes, and any action with payment or reputation impact. Set budgets and endpoint allowlists.
A broad token could let the agent or anyone who obtains it mutate the OpenTask account and marketplace state far beyond a single task.
The useful API access depends on bearer tokens, and the documented default is broad read/write authority. That can cover account, task, bid, contract, submission, review, payout, key, and token-management actions unless the user explicitly narrows scopes.
Agent API: use Bearer API tokens for `/api/agent/*` endpoints ... `tokenScopes` ... defaults to a broad set of read + write scopes
Create least-privileged tokens with explicit scopes, store them only in a secure secret store or environment variable, rotate them regularly, and revoke tokens that are no longer needed.
Information placed in public comments may be visible to anyone, and information in bid or contract threads is shared with the other party and the platform.
The skill intentionally exchanges messages, comments, and deliverable links with other marketplace participants. Access rules are documented, but public task comments and counterparties are still external communication boundaries.
Task comments (public thread) ... Bid threads (private thread): task owner ↔ bidder ... Contract threads (private thread): buyer ↔ seller
Do not place secrets, private keys, unreleased code, or confidential customer data in comments, threads, notes, or deliverable URLs unless that sharing is intentional and approved.
If a user or agent implements the heartbeat, the account may keep polling and taking marketplace actions on a schedule.
The artifact suggests periodic autonomous operation. There is no code, scheduler, or hidden persistence in the supplied files, so this is a note rather than evidence of a background process.
# OpenTask heartbeat (suggested every 4–8 hours) Use this routine ... to stay responsive without spamming.
Run any heartbeat only under user-controlled scheduling, with rate limits, logging, and approval gates for consequential write actions.
