Is aghareza/taskwarrior safe?

https://github.com/openclaw/skills/tree/main/skills/aghareza/taskwarrior

96/100 · SAFE

This is a well-designed, security-conscious Taskwarrior CLI wrapper skill containing only markdown documentation and JSON metadata with no executable code. All data is explicitly scoped to the workspace directory, destructive operations are restricted by a safe command policy, and monitoring detected zero suspicious activity during installation. The skill poses minimal risk.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

LOW Shell command execution by design -5

The skill instructs the agent to execute shell commands via the task CLI. While the commands are well-scoped to Taskwarrior operations and governed by a safe command policy, any skill that directs an agent to run shell commands carries inherent risk: if the agent passes untrusted text (user input or a task description) straight through as task arguments, that text is parsed by Taskwarrior as filter, command or modification words rather than as data.

LOW Environment variable workspace resolution -5

The skill resolves the workspace root by checking, in order, the environment variables OPENCLAW_WORKSPACE, WORKSPACE, PROJECT_DIR and REPO_ROOT, and falls back to the current working directory when none is set. If another skill or process sets one of these to an unexpected path, Taskwarrior data could be written to or read from an unintended location. This is standard practice and not a vulnerability in isolation; the practical check is to accept only values that name an existing directory and to derive every Taskwarrior path from the resolved root.

INFO Confirmation disabled for automation -5

The taskrc configuration sets confirmation=off and verbose=off, disabling Taskwarrior's interactive confirmation dialogs. This is necessary for agent automation but means the agent can execute task mutations without Taskwarrior-level confirmation. The safe command policy mitigates this by restricting destructive operations at the skill level.
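The following shell example is added here to illustrate the two findings above together: resolving the workspace root in the order the skill uses and pinning Taskwarrior's data and rc file under it with the automation settings (confirmation=off, verbose=off). It is not the skill's own code. The validation of each candidate (absolute path, existing directory, canonicalised), the `.task`/`.taskrc` file names under the workspace, the `run_task` wrapper and the `TASK_BIN` override are assumptions made for this example; `TASKRC` and `TASKDATA` are Taskwarrior's own environment variables.

```shell
#!/bin/sh
# Added example, not the skill's own code. Resolve the workspace root from
# OPENCLAW_WORKSPACE, WORKSPACE, PROJECT_DIR, REPO_ROOT, then cwd, accepting a
# candidate only if it is an absolute path to an existing directory (assumed check).

resolve_workspace() {
    for candidate in "${OPENCLAW_WORKSPACE:-}" "${WORKSPACE:-}" "${PROJECT_DIR:-}" "${REPO_ROOT:-}"; do
        [ -n "$candidate" ] || continue
        case "$candidate" in
            /*) ;;           # only absolute paths are accepted
            *)  continue ;;  # a relative or odd value set by another process is skipped, not trusted
        esac
        [ -d "$candidate" ] || continue
        # Canonicalise (resolve symlinks, strip trailing slashes) so one workspace
        # cannot be addressed under two names.
        if canon=$(cd "$candidate" 2>/dev/null && pwd -P); then
            printf '%s\n' "$canon"
            return 0
        fi
    done
    pwd -P   # fallback: the current working directory
}

# Write a workspace-scoped taskrc. data.location keeps the task database inside the
# workspace; confirmation=off and verbose=off are the automation settings from the
# finding. The file is rewritten every time so a stale rc cannot point elsewhere.
# (File names .task and .taskrc under the workspace are an assumption.)
write_scoped_taskrc() {
    ws=$(resolve_workspace) || return 1
    mkdir -p "$ws/.task" || return 1
    printf 'data.location=%s/.task\nconfirmation=off\nverbose=off\n' "$ws" > "$ws/.taskrc"
    printf '%s\n' "$ws/.taskrc"
}

# Run the task CLI with TASKRC and TASKDATA pinned to the workspace, so even a
# taskrc edited by something else cannot move the data out of it.
# TASK_BIN (assumed) lets a caller substitute a stub for the real binary.
run_task() {
    rc=$(write_scoped_taskrc) || return 1
    TASKRC=$rc TASKDATA="$(dirname "$rc")/.task" "${TASK_BIN:-task}" "$@"
}

# Usage: run_task list
```

Note that `run_task` sets `TASKDATA` explicitly rather than relying on `data.location` alone: the environment variable wins, so the data directory stays inside the workspace even if the rc file is later edited.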

INFO Well-designed safety guardrails -5

The skill includes a comprehensive safe command policy (references/safe_command_policy.md) that explicitly restricts delete/purge operations, requires preview before bulk changes, and prohibits global config writes by default. This demonstrates security-conscious design.
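As an added example of the kind of gate such a policy implies, the shell wrapper below sits in front of the task CLI, refuses delete/purge and config writes unless an operator opts in, and previews the matched set (via `task <filter> count`) before any bulk change. It is not the skill's own code and does not reproduce its policy file; the command classification lists, the `ALLOW_DESTRUCTIVE` opt-in, the `BULK_LIMIT` threshold and the `TASK_BIN` override are assumptions for this example.

```shell
#!/bin/sh
# Added example, not the skill's own code. Taskwarrior syntax is
# `task [filter] <command> [modifications]`: the command is the first argument that
# matches a known command name, everything before it is the filter.
# The command lists below are an assumption and deliberately incomplete:
# anything not listed is reported as "unknown" and refused (fail closed).
classify_task_command() {
    for arg in "$@"; do
        case "$arg" in
            rc:*|rc.data.location=*) echo blocked; return 0 ;;  # would switch rc file or data dir
            delete|purge|config)     echo blocked; return 0 ;;  # destructive, or a config write
            modify|done|start|stop|annotate|denotate|append|prepend)
                                     echo bulk;    return 0 ;;  # touches every task the filter matches
            add|list|next|info|count|export|projects|tags|summary|calendar)
                                     echo safe;    return 0 ;;
        esac
    done
    echo unknown
}

# Rebuild "$@" as only the filter words (those before the command word) and ask
# Taskwarrior how many tasks they match: the preview that precedes a bulk change.
count_filter_matches() {
    n=$#
    i=0
    while [ "$i" -lt "$n" ]; do
        arg=$1; shift; i=$((i + 1))
        case "$arg" in
            modify|done|start|stop|annotate|denotate|append|prepend)
                while [ "$i" -lt "$n" ]; do shift; i=$((i + 1)); done  # drop the rest
                break ;;
        esac
        set -- "$@" "$arg"
    done
    "${TASK_BIN:-task}" "$@" count
}

# The gate. Exit codes: 2 = refused by policy, 3 = bulk change too wide, 1 = preview failed.
task_safe() {
    kind=$(classify_task_command "$@")
    case "$kind" in
        blocked)
            if [ "${ALLOW_DESTRUCTIVE:-0}" != 1 ]; then
                echo "refused (destructive or config-changing): task $*" >&2
                return 2
            fi ;;
        unknown)
            echo "refused (unrecognised command): task $*" >&2
            return 2 ;;
        bulk)
            matches=$(count_filter_matches "$@") || return 1
            case "$matches" in
                ''|*[!0-9]*) echo "refused: could not preview filter" >&2; return 1 ;;
            esac
            echo "preview: filter matches $matches task(s)" >&2
            if [ "$matches" -gt "${BULK_LIMIT:-5}" ]; then
                echo "refused: $matches tasks exceed BULK_LIMIT=${BULK_LIMIT:-5}; narrow the filter" >&2
                return 3
            fi ;;
    esac
    "${TASK_BIN:-task}" "$@"
}

# Usage: task_safe project:home +old modify priority:L
#        ALLOW_DESTRUCTIVE=1 task_safe 5 delete
```

Two design points worth keeping if this is adapted: the classifier fails closed on anything it does not recognise, and a per-invocation `rc:` or `rc.data.location=` override is blocked because it would silently retarget the data directory around the workspace scoping.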