← Back to Skills Marketplace
Taskboard Cli
by
Bingji Guo
· GitHub ↗
· v3.0.1
· MIT-0
233
Downloads
0
Stars
0
Active Installs
10
Versions
Install in OpenClaw
/install taskboard-cli
Description
Lightweight task management CLI for multi-agent workflows. SQLite backend, no external dependencies or credentials. Status-change hooks emit agent instructio...
Usage Guidance
What to consider before installing:
- The shipped Python CLI (scripts/taskboard.py) appears to be a local SQLite tool and does not itself make network calls — that part is coherent and low-risk.
- The reference docs, however, describe optional GitHub and webhook integrations that require you to supply tokens (e.g., GITHUB_TOKEN, Discord webhooks) and run wrapper scripts that perform network requests. These integrations are not declared in the registry metadata — treat them as opt-in and only provide secrets to trusted processes.
- Documentation inconsistencies: one reference uses a JSON file-based model (taskboard.json) while the actual code uses SQLite; this suggests stale or copy-pasted docs. Verify which backend you will use before relying on automation.
- The CLI lets you override the DB path (--db). Don't point it at system or sensitive files; running the tool with a path you don't control could read/overwrite data with the running user's permissions.
- Hooks are printed to stdout and may contain instructions that an agent could act on (e.g., send messages, spawn sessions). Ensure your agents do not auto-execute hook output unless you trust the source and have validation/sanitization in place.
- Recommended actions: inspect the full scripts/taskboard.py (including the truncated portion), run the tool in an isolated/sandbox environment, and if you enable GitHub/webhook integrations, use least-privilege tokens and separate service accounts. If anything in the references will be run automatically by an agent, require explicit user approval before providing credentials or enabling networked wrappers.
Capability Analysis
Type: OpenClaw Skill
Name: taskboard-cli
Version: 3.0.1
The taskboard-cli skill is a legitimate SQLite-based task management tool for multi-agent workflows. The Python implementation (scripts/taskboard.py) follows security best practices, such as using parameterized queries to prevent SQL injection and restricting file operations to the local database. The 'Hooks' feature, which emits instructions for agents to follow upon task status changes, is a documented orchestration mechanism and lacks any evidence of malicious intent or hidden prompt-injection attacks. The documentation (references/github-backend.md and others) provides standard integration guides without requesting unauthorized access or exfiltrating data.
Capability Assessment
Purpose & Capability
The package's name/description and the included script indicate a local SQLite-backed CLI with no required credentials — that matches most of the code. However, reference docs include optional GitHub and webhook integrations that require external tokens and network calls (GITHUB_TOKEN, Discord webhooks). Another reference (taskboard-setup.md) describes a taskboard.json storage model that contradicts the actual SQLite schema and scripts. These documentation inconsistencies mean the stated purpose ('no external dependencies or credentials') is not uniformly true across the repository.
Instruction Scope
SKILL.md and scripts/taskboard.py implement only local DB operations and emit hook lines to stdout; hooks are intentionally formatted for agents to read and act on. That is within scope. However, the references show example wrapper scripts and cron/webhook patterns that would parse hook output and make network calls — those wrappers live outside the skill but the docs teach how to wire them up. Also the CLI allows an arbitrary --db path, which can read/write any file the running user allows; this is expected functionality but worth noting as an escalation vector if the DB path is pointed at sensitive files.
Install Mechanism
No install spec is provided and no external packages are automatically downloaded; the skill ships source files (Python + SQL) and appears to be instruction-only in terms of installation. This is low-risk from installation mechanics.
Credentials
Registry metadata declares no required environment variables or primary credential, and the CLI itself doesn't require env vars. But references/github-backend.md explicitly instructs using GITHUB_TOKEN and shows curl commands that would send that token. references/webhook-integration.md shows storing webhook URLs/tokens in config. These are optional integrations, but the SKILL.md's blanket claim of 'no credentials' is misleading; users could be prompted to provide sensitive tokens to adapters described in the docs.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is not persistent beyond its files. It creates/uses a local DB (default scripts/taskboard.db) which is reasonable for a CLI tool. The ability to override --db is normal but should be used carefully.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install taskboard-cli - After installation, invoke the skill by name or use
/taskboard-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.1
Add rejected status back (todo/in_progress/done/blocked/rejected)
v3.0.0
SQLite backend (replaces JSON). No urllib/subprocess/os.environ. 4 statuses: todo/in_progress/done/blocked. Hooks print to stdout only.
v2.1.0
Simplified statuses: todo/in-progress/done/blocked. Removed review and rejected. Use hooks for review workflows (create follow-up tasks, notify agents).
v2.0.1
Removed test file from package (contained subprocess import that triggered security scan). Tests kept locally, not shipped.
v2.0.0
v2: Removed all network code. Pure local JSON, zero external deps. GitHub sync moved to reference doc (agent-guided). No urllib/subprocess/os.environ. 30 tests passing.
v1.2.2
Declared GITHUB_TOKEN requirement and hook behavior in frontmatter description (metadata level). GitHub backend optional, hooks emit instructions only.
v1.2.1
Added explicit credential docs: GITHUB_TOKEN requirement declared in SKILL.md, security notes for hooks and GitHub sync, least-privilege token guidance.
v1.2.0
Removed exec hooks (security). Hooks now support message + session only. 32 tests passing.
v1.1.0
Added hooks system: on-done/on-review/on-change triggers with message/session/exec actions, template interpolation, add-hook command, transition matching. 32 tests passing.
v1.0.0
Pluggable task management CLI for multi-agent workflows. Local JSON + GitHub Issues backend. Task lifecycle, cross-agent handoffs, cron-friendly summaries.
Metadata
Frequently Asked Questions
What is Taskboard Cli?
Lightweight task management CLI for multi-agent workflows. SQLite backend, no external dependencies or credentials. Status-change hooks emit agent instructio... It is an AI Agent Skill for Claude Code / OpenClaw, with 233 downloads so far.
How do I install Taskboard Cli?
Run "/install taskboard-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Taskboard Cli free?
Yes, Taskboard Cli is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Taskboard Cli support?
Taskboard Cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Taskboard Cli?
It is built and maintained by Bingji Guo (@ckouder); the current version is v3.0.1.
More Skills