Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Yatta! - Task & Capacity Management
v0.2.2Personal productivity system for task and capacity management. Create and organize tasks with rich attributes (priority, effort, complexity, tags), track tim...
⭐ 0· 1.2k·1 current·1 all-time
byGiddy@chrisagiddings
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill declares task/project/context/comment/calendar/capacity operations and only requests the YATTA_API_KEY (plus an optional YATTA_API_URL). Those credentials and the included curl/jq-based examples are proportionate to a REST API client for Yatta! — there are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md focuses on invoking the Yatta! API, documents which operations are destructive vs read-only, instructs users how to set env vars and to verify the endpoint, and provides safe jq-based patterns. It does not instruct the agent to read unrelated system files or exfiltrate data. The skill explicitly disables autonomous model invocation (manual-only).
Install Mechanism
There is no install spec (instruction-only), which minimizes install risk. Two helper shell scripts are included (verify-endpoint.sh and yatta-safe-api.sh); they are documented as optional and appear to perform read-only verification and safe request construction. Users should still inspect these scripts before running them, but their presence is reasonable and expected for this purpose.
Credentials
Declared environment requirements are limited to YATTA_API_KEY and optionally YATTA_API_URL; the docs explicitly warn the key grants full account access and recommend secure storage and rotation. The requested vars align with the skill's destructive capabilities and are not excessive.
Persistence & Privilege
The skill declares and documents disable-model-invocation (manual-only) to avoid autonomous destructive actions. always:true is not set. Included scripts do not create persistent privileged state. Overall persistence/privilege requests are appropriate for a user-driven integration.
Scan Findings in Context
[shell-json-injection-legacy] unexpected: Historical VirusTotal finding: examples in earlier versions used unsafe curl interpolation leading to RCE/credential-exfiltration risk. The repository includes multiple SECURITY-* docs and a safe wrapper (scripts/yatta-safe-api.sh) and SKILL.md shows jq-based safe patterns that mitigate the issue.
[opaque-endpoint-supabase] expected: Scanner flagged use of a Supabase project URL rather than a branded host. The SKILL.md and verify script explicitly document the Supabase project ID and owner and provide an endpoint verification script (scripts/verify-endpoint.sh) so users can confirm the endpoint before sending keys.
[metadata-inconsistency] unexpected: Registry metadata initially showed missing env/disable-model-invocation entries (reported in CHANGELOG). The project includes changelog entries and SECURITY-ASSESSMENT notes claiming package.json was synced with SKILL.md. Users should confirm the published registry entry matches the SKILL.md/package.json before installing.
Assessment
This skill appears to be what it says: a manual-only Yatta! API client that needs a single API key. Before installing: 1) Verify the registry/package.json metadata matches SKILL.md (ensure disable-model-invocation is set and the required env vars are declared). 2) Inspect the included scripts (scripts/verify-endpoint.sh and scripts/yatta-safe-api.sh) locally and run the verification script to confirm YATTA_API_URL is the official endpoint before exporting your key. 3) Store the YATTA_API_KEY in a secure vault or env var (do not commit it) and test actions on non-critical data first because keys have full account privileges. 4) If you rely on the skill via a published registry entry, confirm the registry now shows the correct required envs (the changelog says this was fixed).Like a lobster shell, security has layers — review code before you run it.
latestvk977djbh1yrmq9n7zf7yq2w8w182229n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.