← Back to Skills Marketplace
Monday.com Accountability
by
novalystrix
· GitHub ↗
· v0.1.0
· MIT-0
101
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install monday-accountability
Description
Manage accountability items on the configured Monday.com board. Use when creating new accountability items, checking on existing ones, running work sessions,...
Usage Guidance
Key points to verify before installing:
- Configuration mismatch: The SKILL.md names plugin config keys (mondayApiToken, boardId) but the helper script expects MONDAY_API_TOKEN and MONDAY_BOARD_ID environment variables or a token in ~/.openclaw/.env. Ask the author which is correct and update the manifest accordingly.
- Credentials: The script needs your Monday.com API token and board ID. Only provide a token with the minimum necessary scope (prefer board-scoped or limited permissions) and avoid supplying a full-admin token.
- Local .env access: The script will try to grep ~/.openclaw/.env for MONDAY_API_TOKEN — confirm you’re comfortable with the skill reading that file and that the file does not contain other sensitive tokens.
- Binaries: The script uses curl and jq but the skill doesn't declare required binaries. Ensure jq is available in the runtime environment or request the author to declare it in the manifest.
- Broad agent actions: The SKILL.md allows spawning sub-agents, performing code-related work, and messaging people. Confirm limits on who may be messaged and whether spawning other agents is allowed in your deployment. Consider running in a sandboxed/test board first.
- Test safely: Try the skill with a test token and test board, monitor the API calls, and review any automated updates the agent writes. If you need higher assurance, ask the author to: (1) fix config/env mismatch, (2) declare required binaries, and (3) document exact permissions and messaging endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: monday-accountability
Version: 0.1.0
The skill instructions in SKILL.md create a significant indirect prompt injection surface by mandating that the agent read and strictly follow instructions retrieved from a remote Monday.com board's 'Details' column. This risk is amplified by instructions to spawn sub-agents (like Claude Code) to execute work based on this potentially untrusted remote data. Additionally, the `monday-api.sh` script accesses sensitive credentials from the user's home directory (~/.openclaw/.env), which, while functional, represents a high-privilege behavior.
Capability Assessment
Purpose & Capability
The skill's name, description, GraphQL snippets and helper script are coherent with a Monday.com accountability agent. However SKILL.md refers to plugin-config keys (e.g., mondayApiToken, boardId) while the included script expects environment variables (MONDAY_API_TOKEN, MONDAY_BOARD_ID) or ~/.openclaw/.env — a mismatch between documented config and actual runtime requirements.
Instruction Scope
Runtime instructions direct hourly 'real work sessions' that include reading all active items/sub-items, creating sub-items, writing updates, updating statuses, and orchestrating sub-agents or people. That orchestration gives the agent broad discretion (spawning coding agents, messaging people) and SKILL.md and script disagree about how credentials are supplied. The instructions also reference reading/assessing code bases ('Read ALL of it') which could expand the agent's access beyond Monday.com data.
Install Mechanism
There is no install spec (instruction-only) which lowers risk. The shipped bash helper uses curl and jq but the skill declares no required binaries; missing declared dependency on jq (and implicitly curl) is a manifest inconsistency that can cause runtime failures.
Credentials
The skill metadata lists no required environment variables, yet the script requires MONDAY_API_TOKEN and MONDAY_BOARD_ID and will fall back to reading ~/.openclaw/.env for MONDAY_API_TOKEN. Requesting the user's Monday API token is expected for functionality, but failing to declare these env vars (and reading a user-local .env file) is an under-specification and increases risk/opacity.
Persistence & Privilege
always:false and no install spec means the skill does not demand permanent forced presence. It does instruct recurring hourly runs (a cron) but does not itself request elevated platform privileges or modifications to other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install monday-accountability - After installation, invoke the skill by name or use
/monday-accountability - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: Autonomous accountability work sessions with Monday.com integration. Config-driven, generalized for any OpenClaw user.
Metadata
Frequently Asked Questions
What is Monday.com Accountability?
Manage accountability items on the configured Monday.com board. Use when creating new accountability items, checking on existing ones, running work sessions,... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.
How do I install Monday.com Accountability?
Run "/install monday-accountability" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Monday.com Accountability free?
Yes, Monday.com Accountability is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Monday.com Accountability support?
Monday.com Accountability is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Monday.com Accountability?
It is built and maintained by novalystrix (@novalystrix); the current version is v0.1.0.
More Skills