Project Manager Pro
v1.0.3Manage and track your tasks and projects via conversation, including creation, prioritization, status updates, breakdowns, and progress check-ins without a UI.
⭐ 0· 73·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: the skill creates, stores, and manipulates tasks and projects in ~/.openclaw/workspace/pm-pro and exposes dashboard widgets reading those files. Requested resources (no env vars, no external binaries) are proportionate to a local task manager.
Instruction Scope
SKILL.md and SETUP-PROMPT instruct the agent to parse natural language, create/modify local JSON stores, and perform proactive check-ins. This relies on the agent's LLM/context (task content will be sent to your configured LLM provider as noted in SECURITY.md). The instructions reference respecting the user's timezone from the agent config—they do not explicitly read arbitrary system credentials or unrelated files, but they rely on agent context and configuration being available.
Install Mechanism
No package/install spec in registry (instruction-only), but bundled setup.sh will attempt to install jq via brew/apt-get/dnf if missing (uses sudo on apt/dnf). Installing jq via the system package manager is a reasonable dependency for the scripts, but running the setup script will perform package-manager actions that require privilege on some systems — review before running.
Credentials
The skill requests no environment variables, credentials, or config paths. All data access is to a local workspace directory under the user's home. The README/SECURITY.md explicitly call out that task content is included in agent conversations and therefore will be handled according to the user's LLM provider policy.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide settings. It persists data locally in ~/.openclaw/workspace/pm-pro and may be invoked autonomously by the agent (default platform behavior) for proactive check-ins — that behavior is expected for a task manager but you should be aware of autonomous invocation combined with conversational data sent to your LLM provider.
Assessment
This skill appears to do what it says: it stores tasks locally and uses your agent to create/confirm/adjust them. Before installing:
- Review the bundled scripts (setup.sh, export-tasks.sh, weekly-review.sh) and run them manually if uncomfortable with automatic installs — setup.sh may try to install jq via your system package manager and may require sudo on some systems.
- Understand that task content will be included in agent conversations and therefore sent to whatever LLM provider your agent uses — check that provider's data policy before adding sensitive tasks.
- The skill has no network calls or credentials declared, but it can create proactive notifications (check-ins). If your agent posts in shared channels (team chat, public Discord), task outputs could be visible to others—ensure channel visibility settings are appropriate.
- If you don't use the cross-tool integrations, keep them disabled in settings.json; the package only contains local logic and examples for integrations, not secret tokens.
If you want greater assurance, verify the support/homepage link (normieclaw.ai) independently and inspect the files locally before running setup.sh.Like a lobster shell, security has layers — review code before you run it.
latestvk975p4wnmehx3xd2xgeg9ffg9x83yccz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.