EffortList AI (Organize Your Life /w Safety)
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent EffortList integration, but it gives an agent persistent API-key access to make meaningful changes to your tasks, schedule, booking links, and appointments.
Install this only if you want your agent to manage your EffortList account. Use a dedicated API key if possible, review destructive or guest-facing actions before approving them, and revoke the key if you stop using the skill.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with this key can use the EffortList API as the user within the platform's permissions.
The skill requires a long-lived bearer credential that lets the agent act on the user's EffortList account.
Human user must generate a Persistent API Key ... Provide the key via the EFFORTLIST_API_KEY environment variable
Only configure the key if you trust the skill and service; store it securely, revoke or rotate it when no longer needed, and prefer a limited-scope key if EffortList offers one.
Mistaken or overly broad agent instructions could modify or delete folders, tasks, todos, or schedule entries.
The documented workflows allow create, update, and delete operations, including deletes that can remove child records.
Supports full CRUD operations, cascading deletes ... deleting a Folder or Task is an Atomic Purge
Review any delete, bulk-edit, or cascading action before it runs, and treat the undo feature as a backup rather than the primary safety control.
A mistaken deletion, reschedule, or recurrence change could cancel appointments or send notifications to other people.
Some task or todo changes can propagate outside the user's private task list by affecting booked appointments and notifying guests.
Deleting the Todo automatically cancels the appointment and notifies the guest via email.
Require explicit confirmation for booked appointments, booking links, availability settings, and any guest-facing schedule change.
A user may underestimate that the referenced API includes chat deletion in addition to viewing chat history.
The reference labels the chat section as read-only while also documenting a destructive chat deletion endpoint.
### 💬 Chats (Read Only) ... `DELETE` | `/api/v1/chats` | Delete chat
Do not allow chat deletion unless it is explicitly requested, and the maintainer should correct the read-only label.