Vikunja Fast

v1.0.0

Manage Vikunja projects and tasks (overdue/due/today), mark done, and get quick summaries via the Vikunja API.

by Tomás Migone (@tmigone)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation: the script uses curl/jq against the Vikunja API, requires VIKUNJA_URL and an auth token (or username/password), and offers list/show/done commands. Required binaries and env vars are appropriate for the declared functionality.
Instruction Scope
SKILL.md and vikunja.sh limit activity to calling the specified Vikunja endpoints (/login, /user, /projects, /tasks). The script only reads the declared env vars (VIKUNJA_URL, VIKUNJA_TOKEN, VIKUNJA_USERNAME, VIKUNJA_PASSWORD) and does not reference other system files or external endpoints. It does not persist credentials to disk.
Install Mechanism
No install spec; the skill is instruction + a small shell helper. No downloads or archives are executed. This is low-risk from an install perspective.
Credentials
Declared primary env (VIKUNJA_TOKEN) and optional username/password align with the API usage. No unrelated secrets or multiple unrelated credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or system-wide settings. It does not claim persistent installation actions beyond providing a helper script.
Assessment
This skill appears to do only what it claims: talk to your Vikunja server and manage tasks. Before enabling it, confirm the VIKUNJA_URL is the correct server and provide a least-privileged token (prefer a short-lived or limited-scope JWT if possible). Avoid storing plain username/password in shared gateway environments; prefer supplying a JWT in VIKUNJA_TOKEN. If you allow autonomous agent invocation, be aware the agent could call the Vikunja API on its own using whatever token is available, so protect that environment variable or Clawdbot config entry.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cmrzkeanxztrcexwxxj5pbd7zqv2v

Runtime requirements

📋 Clawdis
Bins: curl, jq
Env: VIKUNJA_URL
Primary env: VIKUNJA_TOKEN
