ClawHub

Obsidian Tasknotes

v0.1.0

Manage tasks in Obsidian via TaskNotes plugin API. Use when user wants to create tasks, list tasks, query by status or project, update task status, delete tasks, or check what they need to do.

1· 1.6k·0 current·0 all-time
byBenoit Jadinon@benoitjadinon
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description match the code: the CLI talks to the TaskNotes HTTP API on localhost and exposes create/list/update/delete operations. However, the registry metadata declares no required environment variables while SKILL.md and the script instruct the user to place TASKNOTES_API_PORT and TASKNOTES_API_KEY in a .env at the vault root. That metadata mismatch is incoherent and should be corrected.
!
Instruction Scope
SKILL.md instructs only local HTTP API use (http://localhost:<port>/api) which is appropriate. The included script only issues requests to localhost. However, the script loads a .env file by computing VAULT_ROOT as SCRIPT_DIR.parent.parent.parent.parent and calling load_dotenv(VAULT_ROOT / '.env'). That upward traversal (four levels) is brittle and may end up reading a .env file outside the intended Obsidian vault depending on where the skill is installed, which expands scope beyond the described behavior.
Install Mechanism
This is an instruction-only skill with a small Python script. There is no install spec that downloads arbitrary code. The script declares Python dependencies (requests, python-dotenv) in its header which is reasonable for its purpose.
!
Credentials
The only secret the skill needs in practice is the TaskNotes API token (TASKNOTES_API_KEY) and an optional port variable. That is proportionate. But the registry lists no required env vars (metadata vs SKILL.md mismatch). Also, because the script will load a .env by walking up multiple directories, it may read unrelated secrets if a .env exists elsewhere — increase risk if that file contains other credentials.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not write persistent installation state. It only runs a CLI script and makes local HTTP requests, so its requested level of presence/privilege is appropriate.
What to consider before installing
This skill appears to be a legitimate local TaskNotes client, but take a few precautions before installing: - Verify the registry metadata: the package claims no required env vars but SKILL.md and the script expect TASKNOTES_API_PORT and TASKNOTES_API_KEY in a .env — update or confirm the metadata if you control the registry entry. - Inspect where the skill will be stored and check what VAULT_ROOT resolves to in the script (SCRIPT_DIR.parent.parent.parent.parent). Ensure it will point to your Obsidian vault and not to another directory that contains a .env with unrelated secrets (AWS keys, tokens, etc.). - If you don't want any token stored, enable TaskNotes HTTP API with no auth (SKILL.md mentions leaving token empty) and avoid creating a .env. - Review the included script yourself (scripts/tasks.py) and confirm it only talks to http://localhost:<port> and does not send data externally. The script appears to only contact localhost and print results. - Run in a restricted environment or sandbox if you are unsure, and avoid putting high-value secrets in a .env file that could be picked up by this script. If these checks look good, the skill's behavior is coherent with its purpose. If you cannot verify the VAULT_ROOT path or the .env contents, do not install or run it with sensitive environment files present.

Like a lobster shell, security has layers — review code before you run it.

latestvk977gqcjp14hcajpwkx9gb7w4h809x2b
1.6kdownloads
1stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
Benoit Jadinon@benoitjadinon
latest
Download

TaskNotes Skill

Manage Obsidian tasks via the TaskNotes plugin HTTP API.

Requirements

  1. TaskNotes plugin installed in Obsidian
  2. Enable HTTP API in TaskNotes settings:
    • Open Obsidian Settings → TaskNotes
    • Enable "HTTP API" toggle
    • Set API port (default: 8080)
    • API token: leave empty for no auth, or set a token for security
  3. Environment variables in .env file at vault root (if using auth): 
    TASKNOTES_API_PORT=8080
TASKNOTES_API_KEY=your_token_here
    If TaskNotes has no auth token set, you don't need a .env file.

CLI Commands

# List all tasks
uv run scripts/tasks.py list

# List by status (use your configured status values)
uv run scripts/tasks.py list --status "in-progress"

# List by project
uv run scripts/tasks.py list --project "My Project"

# Create task
uv run scripts/tasks.py create "Task title" --project "My Project" --priority high

# Create task with scheduled time
uv run scripts/tasks.py create "Meeting prep" --scheduled "2025-01-15T14:00:00"

# Update task status
uv run scripts/tasks.py update "Tasks/task-file.md" --status done

# Add/update task description
uv run scripts/tasks.py update "Tasks/task-file.md" --details "Additional context here."

# Delete task
uv run scripts/tasks.py delete "Tasks/task-file.md"

# Get available options (statuses, priorities, projects)
uv run scripts/tasks.py options --table

# Human-readable output (add --table)
uv run scripts/tasks.py list --table

Task Properties

Status and Priority values: Configured in your TaskNotes plugin settings. Run options command to see available values:

uv run scripts/tasks.py options --table

Other fields:

  • projects - Array of project links, e.g. ["[[Project Name]]"]
  • contexts - Array like ["office", "energy-high"]
  • due - Due date (YYYY-MM-DD)
  • scheduled - Scheduled date/time (YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS)
  • timeEstimate - Minutes (number)
  • tags - Array of tags
  • details - Task description (writes to markdown body, not frontmatter)

API Reference

Base URL: http://localhost:8080/api

MethodEndpointDescription
GET/tasksList tasks (supports filters)
POST/tasksCreate task
GET/tasks/{id}Get single task
PUT/tasks/{id}Update task
DELETE/tasks/{id}Delete task
GET/filter-optionsAvailable statuses, priorities, projects

Query Parameters for GET /tasks

  • status - Filter by status
  • project - Filter by project name
  • priority - Filter by priority
  • tag - Filter by tag
  • overdue - true/false
  • sort - Sort field
  • limit - Max results
  • offset - Pagination offset

When to Use

  • "create a task for X" → create task
  • "show my tasks" → list all tasks
  • "show in-progress tasks" → list --status in-progress
  • "mark X as done" → update task status to done
  • "what should I work on" → list tasks by status

Example Workflow

# Morning: Check what to work on
uv run scripts/tasks.py list --status in-progress --table
uv run scripts/tasks.py list --limit 5 --table

# Create task linked to project
uv run scripts/tasks.py create "Finish landing page" \
  --project "Website Redesign" \
  --priority high

# Complete a task
uv run scripts/tasks.py update "Tasks/finish-landing-page.md" --status done

Comments

Loading comments...