ClawHub

Eisenhower Task Manager

v1.0.7

Task management based on Eisenhower Matrix + P0-P2 priority with Customer Project Management. Four quadrants for execution, separate Customer Project List fo...

0· 268·1 current·1 all-time
by@yayayahei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims a task manager + dashboard and includes code to parse markdown task files, an Express/WebSocket server, a frontend, and instructions to launch the dashboard. Required capabilities (read/write task files, run a local Node server, install npm deps optionally) align with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read and modify files under the user's workspace/tasks (add, delete, renumber, archive). That is necessary for a file-backed task manager, but it is a substantial permission (the skill will edit user's files). The SKILL.md also instructs offering to open a local dashboard in the browser (opt-in). Verify you are comfortable with automated edits to the specified task files before use.
!
Install Mechanism
There is no packaged install spec; the dashboard includes start/check scripts that run `npm install` (dashboard/check-and-install.sh and start.sh rely on npm). Installing will fetch packages from the npm registry and write node_modules on disk — this is typical but carries the usual supply-chain risk (postinstall scripts, dependency compromise). Review dashboard/package.json and prefer running installs in a controlled environment.
Credentials
The skill requests no environment variables, credentials, or unrelated config paths. It accesses files under the user's workspace/tasks and will write a local port.conf — these file accesses are proportional to a local task manager.
Persistence & Privilege
always:false and the design is opt-in (user approval to open dashboard). However, the Node server uses server.listen(port) without an explicit host, which in Node typically binds to all interfaces by default (0.0.0.0). That may expose the dashboard/API to other hosts on the local network. If you intend to run the dashboard, consider restricting binding to localhost (127.0.0.1) or ensuring firewall rules block external access.
Assessment
This skill appears to be what it claims: a file-backed task manager with an optional local web dashboard. Before installing/use: 1) Inspect dashboard/package.json and parser.js for any unexpected dependencies or postinstall scripts; 2) Run npm installs in a controlled environment (not as root) or review packages first; 3) Be aware the skill will read and modify files under your workspace/tasks directory — back up those files first; 4) If you run the dashboard, either confirm it binds only to localhost or use local firewall rules so the HTTP/WebSocket endpoints are not reachable from the wider network; 5) If you want higher assurance, ask the maintainer for the package.json and parser.js contents or run the server in a sandbox/container.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d0w7wddnx3hr8f3rnnzjt5s8510s1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments