Wrike
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent Wrike integration, but it requires a Wrike token and can change or delete Wrike work items, so users should install it only if they trust the npm CLI package and intend to grant that access.
Before installing, make sure you trust the claw-wrike npm package, use a least-privileged Wrike token, and require confirmation for any create, update, comment, or delete action that could affect shared Wrike work.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the skill could update assignments, due dates, statuses, folders/projects, comments, or move Wrike items to the recycle bin.
The skill documents Wrike mutation and deletion commands. This is aligned with the stated management purpose, but an agent using these commands can alter business task data.
claw-wrike task update --id <id> --title "New title" ... claw-wrike task delete --id <id> # Moves to recycle bin
Use dry-run where available, verify item IDs, and require explicit user confirmation before important updates or deletes.
Anyone or anything able to use the configured CLI may be able to read or modify Wrike data allowed by the token.
The skill requires a Wrike API token and stores it locally for the CLI. That credential is necessary for the integration, but it grants access according to the token's Wrike permissions.
requires": {"bins": ["claw-wrike"], "env": ["WRIKE_TOKEN"]} ... claw-wrike config set --token <WRIKE_TOKEN> ... Token is stored in ~/.claw-wrike/config.jsonUse the least-privileged Wrike token available, protect the local config file, and revoke or rotate the token if it is no longer needed.
The npm package will handle the Wrike token and API operations, so its provenance matters even though the skill documentation itself is coherent.
The skill depends on an external npm package to provide the CLI binary, and no code files for that package are included in the submitted artifacts.
node | package: claw-wrike | creates binaries: claw-wrike
Install only if you trust the claw-wrike npm package source, and consider pinning or reviewing the package version used in your environment.