OmniFocus

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it says—manage OmniFocus tasks locally—but users should confirm before letting it change tasks.

Install only if you want Clawdbot to read and manage your OmniFocus tasks. Before allowing changes, ask it to list matching tasks and confirm the exact target, especially for common task names.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the wrong task name is supplied or duplicate names exist, the agent could complete or update an unintended task.

Why it was flagged

The script can mutate persistent OmniFocus data by completing the first matching task name; this is purpose-aligned, and SKILL.md instructs confirmation before modifying tasks.

Skill content

if (allTasks[i].name() === taskName && !allTasks[i].completed()) { ... allTasks[i].markComplete(); ... return true; }

Recommendation

List matching tasks first and explicitly confirm the target before completing or updating any task.

What this means

Task names, notes, projects, tags, and due dates may be visible to the agent when listing or searching tasks.

Why it was flagged

Search and list operations include task notes in returned JSON, so private OmniFocus task content can be brought into the agent conversation.

Skill content

const note = (task.note() || "").toLowerCase(); ... note: task.note() || ""

Recommendation

Avoid storing highly sensitive secrets in OmniFocus task notes, and review results before sharing or summarizing them elsewhere.