Nova Accountability

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for Monday.com accountability tracking, but it grants a scheduled agent broad autonomy to do real work, change code/configuration, spawn agents, and message people without tight approval boundaries.

Install only if you intentionally want a recurring autonomous accountability agent. Before enabling cron, set strict approval rules for code changes, configuration changes, messages, and sub-agent delegation; limit the Monday token and communication recipients; and make sure you can stop the workflow quickly.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the agent could make project changes or contact others based on Monday board items without a separate explicit confirmation for each action.

Why it was flagged

The skill directs the agent to perform high-impact work such as code changes, configuration changes, and outreach, but the artifacts do not define clear approval gates, safe tool limits, or rollback/containment.

Skill content

Execute the plan: ... For code work: ... Cursor Agent writes code, test, iterate. ... For non-code work: Do it directly (config changes, research, outreach, etc.)

Recommendation

Require human approval before code/config changes or outreach, limit allowed tools and repositories, and define a rollback process for any changes made during work sessions.

What this means

A recurring agent could keep acting after the initial setup, creating changes or communications that the user did not review in real time.

Why it was flagged

The skill is designed as a recurring autonomous worker, not just an on-demand helper, and its scheduled loop includes actions outside simple Monday status updates.

Skill content

Every hour (or at your configured frequency), the agent: ... Executes: writes code via Cursor Agent, makes config changes, sends messages

Recommendation

Do not enable the cron workflow unless you have monitoring, a clear kill switch, per-action approval rules, and narrow limits on what the agent may modify or who it may message.

What this means

Project details, task context, or sensitive board information could be sent to unintended people or agents.

Why it was flagged

The skill allows delegation to other agents and messaging people without defining identity checks, recipient allowlists, channel limits, or what project context may be shared.

Skill content

Sub-agents: Spawn Cursor Agent or other coding agents for implementation ... People: Message anyone who can help ... Don't limit yourself.

Recommendation

Define approved communication channels, allowed recipients, what information may be shared, and require user approval before sending context to external people or agents.

What this means

The agent can read board contents and create updates or status changes using the configured Monday.com account token.

Why it was flagged

A Monday.com token with board read/write access is expected for this integration, but it grants authority to read and mutate the configured board.

Skill content

Create a new token with `boards:read` and `boards:write` scopes

Recommendation

Use the least-privileged token available, restrict it to the intended workspace/board if possible, and rotate it if the skill is removed or no longer trusted.

What this means

Users have less external context for who maintains the skill or where to verify updates.

Why it was flagged

The artifacts do not provide an upstream source or homepage for provenance, though the included script is visible and no remote installer is present.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the visible files before installation and prefer a version with a clear source repository or publisher provenance.