Kanban Workflow Export
v0.1.4Kanban Workflow is a TypeScript skill for a stage-based agentic co-worker that integrates PM platforms via CLI-first adapters (CLIs or small wrapper scripts)...
⭐ 0· 312·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the code and runtime instructions. Adapters and optional env vars (PLANE_API_KEY, PLANE_WORKSPACE, LINEAR_API_KEY) correspond to the stated platform integrations. No unrelated credentials, binaries, or config-path access are requested.
Instruction Scope
SKILL.md instructs the agent to run Node/npm and to call platform CLIs or bundled wrapper scripts (e.g., scripts/linear_json.sh, scripts/planka_whoami_json.mjs). Those instructions are aligned with the adapter model, but they explicitly grant the skill the same privileges as the chosen CLIs (the README/SECURITY.md also note this). The skill reads/writes its own config/kanban-workflow.json and may install an OpenClaw cron job if you opt into --autopilot-install-cron.
Install Mechanism
There is no opaque download/install in the skill bundle. The package includes source and a package-lock.json; SKILL.md instructs users to run npm ci locally. No external arbitrary URL downloads or extract steps are present in the provided files.
Credentials
No global required environment variables; optional API keys are adapter-specific and justified by their adapters (Linear/Plane). The linear wrapper script will fail if LINEAR_API_KEY is absent, but that is consistent with using the linear adapter. No unrelated secrets or broad system credentials are requested.
Persistence & Privilege
always:false (default). The skill persists config in-repo (config/kanban-workflow.json) and can optionally install a scheduled cron job via a setup flag. These behaviors are documented and expected for a scheduler/agentic worker, but you should only enable autopilot/crons if you trust the runtime and adapter CLI auth.
Assessment
This skill appears coherent with its purpose: it is a TypeScript core that delegates auth/actions to platform CLIs and a few small wrapper scripts. Before installing or running it, review and accept the following: 1) It will execute host CLIs (gh, planka-cli, plane, curl/jq) and therefore inherits their permissions—use least-privilege tokens/accounts for those CLIs. 2) If you select the Linear or Plane adapters you will need API keys (LINEAR_API_KEY, PLANE_API_KEY) which are used by bundled scripts; keep those scoped and stored securely. 3) Setup can write config/kanban-workflow.json into the repo and (if you opt in) install a recurring cron job that will run automations—only enable cron/automation if you want autonomous operations. 4) The repo includes wrapper scripts (scripts/linear_json.sh and scripts/planka_whoami_json.mjs); inspect them if you want to confirm network endpoints and parsing behavior (the Linear script calls api.linear.app). 5) There are no hidden remote installers in the bundle, but running npm ci will install dependencies from npm (inspect package.json/package-lock.json if you need to audit dependencies). If you want an extra safety layer, run the skill in an isolated environment (container/VM) and limit adapter credentials to scoped tokens.Like a lobster shell, security has layers — review code before you run it.
latestvk978qztzcc0ea4n2em0d34hacs81x8rs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.