ClawHub

Vikunja Fast

v1.0.0

Manage Vikunja projects and tasks (overdue/due/today), mark done, and get quick summaries via the Vikunja API.

2· 2k·3 current·3 all-time
byTomás Migone@tmigone
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script uses curl/jq against the Vikunja API, requires VIKUNJA_URL and an auth token (or username/password), and offers list/show/done commands. Required binaries and env vars are appropriate for the declared functionality.
Instruction Scope
SKILL.md and vikunja.sh limit activity to calling the specified Vikunja endpoints (/login, /user, /projects, /tasks). The script only reads the declared env vars (VIKUNJA_URL, VIKUNJA_TOKEN, VIKUNJA_USERNAME, VIKUNJA_PASSWORD) and does not reference other system files or external endpoints. It does not persist credentials to disk.
Install Mechanism
No install spec; the skill is instruction + a small shell helper. No downloads or archives are executed. This is low-risk from an install perspective.
Credentials
Declared primary env (VIKUNJA_TOKEN) and optional username/password align with the API usage. No unrelated secrets or multiple unrelated credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or system-wide settings. It does not claim persistent installation actions beyond providing a helper script.
Assessment
This skill appears to do only what it claims: talk to your Vikunja server and manage tasks. Before enabling it, confirm the VIKUNJA_URL is the correct server and provide a least-privileged token (prefer a short-lived or limited-scope JWT if possible). Avoid storing plain username/password in shared gateway environments; prefer supplying a JWT in VIKUNJA_TOKEN. If you allow autonomous agent invocation, be aware the agent could call the Vikunja API on its own using whatever token is available, so protect that environment variable or Clawdbot config entry.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📋 Clawdis
Binscurl, jq
EnvVIKUNJA_URL
Primary envVIKUNJA_TOKEN
latestvk97cmrzkeanxztrcexwxxj5pbd7zqv2v
2kdownloads
2stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Tomás Migone@tmigone
latest
Download

✅ Vikunja Fast Skill

Use Vikunja as the source of truth for tasks and completions, and interact with it from Clawdbot.

Setup

You can provide credentials either via environment variables or via Clawdbot’s skills config.

Option A: Environment variables

Set these environment variables in the same environment where the gateway runs:

export VIKUNJA_URL="https://vikunja.xyz"

# Recommended: use a JWT (starts with "eyJ")
export VIKUNJA_TOKEN="<jwt>"

# Alternative: login with username/password (the helper CLI will request a JWT)
export VIKUNJA_USERNAME="<username>"
export VIKUNJA_PASSWORD="<password>"

Option B: Clawdbot skills config (recommended for the agent)

Edit ~/.clawdbot/clawdbot.json:

{
  skills: {
    entries: {
      "vikunja-fast": {
        enabled: true,
        env: {
          VIKUNJA_URL: "https://vikunja.xyz",
          VIKUNJA_TOKEN: "<jwt>"
        }
      }
    }
  }
}

Notes:

  • VIKUNJA_URL can be the base URL; the helper normalizes to /api/v1.
  • Vikunja auth expects a JWT bearer token for most API calls (Authorization: Bearer <jwt>).
  • If you only have a non-JWT token (often starts with tk_...), use /login to obtain a JWT.

Quick checks

Login (get a JWT)

curl -fsS -X POST "$VIKUNJA_URL/login" \
  -H "Content-Type: application/json" \
  -d '{"username":"YOUR_USERNAME","password":"YOUR_PASSWORD","long_token":true}' | jq

Who am I? (requires JWT)

curl -fsS "$VIKUNJA_URL/user" \
  -H "Authorization: Bearer $VIKUNJA_TOKEN" | jq

List projects

curl -fsS "$VIKUNJA_URL/projects" \
  -H "Authorization: Bearer $VIKUNJA_TOKEN" | jq '.[] | {id, title}'

Commands

This skill ships with a tiny helper CLI:

  • {baseDir}/vikunja.sh

Examples:

# Overdue across all projects
{baseDir}/vikunja.sh overdue

# Due today
{baseDir}/vikunja.sh due-today

# Arbitrary filter (Vikunja filter syntax)
{baseDir}/vikunja.sh list --filter 'done = false && due_date < now'

# Show / complete a task
{baseDir}/vikunja.sh show 123
{baseDir}/vikunja.sh done 123

Notes:

  • Output formatting:
    • Each task should be formated as: <EMOJI> <DUE_DATE> - #<ID> <TASK>
    • Emoji comes from the project title when it starts with one; otherwise uses 🔨
    • Due dates are rendered as Mon/D (time + year removed)
  • This skill uses GET /tasks/all to fetch tasks across all projects

Mark task done

TASK_ID=123

curl -fsS -X POST "$VIKUNJA_URL/tasks/$TASK_ID" \
  -H "Authorization: Bearer $VIKUNJA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"done": true}' | jq

Comments

Loading comments...