Exponential

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: exponential
Version: 1.0.0

The skill is designed to integrate with the 'exponential' productivity platform via its CLI. It instructs the agent to install a global npm package ('exponential-cli') and authenticate using a JWT token. All listed commands are specific to managing tasks, projects, and workspaces within the Exponential platform. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts to subvert the agent's purpose. The prerequisites, while involving external dependencies and sensitive credentials, are plausibly needed for the skill's stated functionality.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill requires trusting the external exponential-cli package and its npm supply chain.

Why it was flagged

The skill relies on installing a global npm package that is not included in the provided artifacts; this is a disclosed setup step and central to the skill's purpose.

Skill content

npm install -g exponential-cli

Recommendation

Install the CLI only from the expected official source, consider pinning a known version, and keep it updated intentionally.

What this means

Anyone or anything using that authenticated CLI can act within the token’s permissions, including viewing and changing task data.

Why it was flagged

The CLI authenticates with a JWT token for the Exponential service; this is expected for the integration, but it gives the CLI account-level authority for the user’s Exponential data.

Skill content

exponential auth login --token <JWT> --api-url https://www.exponential.im

Recommendation

Use only an intended Exponential account or scoped token if available, avoid exposing the JWT in shared logs or chats, and revoke the token when no longer needed.

What this means

Incorrect task IDs, due dates, priorities, or statuses could change the wrong work items.

Why it was flagged

The skill documents commands that create and update Exponential actions; this mutation authority is purpose-aligned but can change user or workspace task records.

Skill content

exponential actions create -n "Task name" ...
exponential actions update --id <actionId> ...

Recommendation

For create or update requests, have the agent summarize the intended change before running it, especially in shared workspaces.