chrisagiddings

Yatta! - Task & Capacity Management

Author: Giddy · GitHub · v0.2.2
cross-platform ⚠ suspicious
Total downloads: 1340
Favorites: 0
Current installs: 1
Versions: 7
Install in OpenClaw
/install openclaw-yatta-skill
Description
Personal productivity system for task and capacity management. Create and organize tasks with rich attributes (priority, effort, complexity, tags), track tim...
Security usage advice
This skill appears to be what it says: a manual-only Yatta! API client that needs a single API key. Before installing:
  1. Verify the registry/package.json metadata matches SKILL.md (ensure disable-model-invocation is set and the required env vars are declared).
  2. Inspect the included scripts (scripts/verify-endpoint.sh and scripts/yatta-safe-api.sh) locally and run the verification script to confirm YATTA_API_URL is the official endpoint before exporting your key.
  3. Store the YATTA_API_KEY in a secure vault or env var (do not commit it) and test actions on non-critical data first because keys have full account privileges.
  4. If you rely on the skill via a published registry entry, confirm the registry now shows the correct required envs (the changelog says this was fixed).
Functional analysis
Type: OpenClaw Skill
Name: openclaw-yatta-skill
Version: 0.2.2
The skill demonstrates a strong stated commitment to security, explicitly documenting and fixing critical shell and JSON injection vulnerabilities (RCE risk) in previous versions, and setting `disable-model-invocation: true`. However, despite claims of replacing 'ALL unsafe curl examples', the 'Create Task from Email' example in `SKILL.md` and all `curl` examples in `API-REFERENCE.md` still use direct string interpolation for JSON payloads and URL path parameters, making them vulnerable to JSON and shell injection. This represents an RCE risk if these examples are used directly with unsanitized user input, classifying the skill as suspicious due to these unaddressed vulnerabilities in the documentation examples.
Capability assessment
Purpose & Capability
The skill declares task/project/context/comment/calendar/capacity operations and only requests the YATTA_API_KEY (plus an optional YATTA_API_URL). Those credentials and the included curl/jq-based examples are proportionate to a REST API client for Yatta! — there are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md focuses on invoking the Yatta! API, documents which operations are destructive vs read-only, instructs users how to set env vars and to verify the endpoint, and provides safe jq-based patterns. It does not instruct the agent to read unrelated system files or exfiltrate data. The skill explicitly disables autonomous model invocation (manual-only).
Install Mechanism
There is no install spec (instruction-only), which minimizes install risk. Two helper shell scripts are included (verify-endpoint.sh and yatta-safe-api.sh); they are documented as optional and appear to perform read-only verification and safe request construction. Users should still inspect these scripts before running them, but their presence is reasonable and expected for this purpose.
Credentials
Declared environment requirements are limited to YATTA_API_KEY and optionally YATTA_API_URL; the docs explicitly warn the key grants full account access and recommend secure storage and rotation. The requested vars align with the skill's destructive capabilities and are not excessive.
Persistence & Privilege
The skill declares and documents disable-model-invocation (manual-only) to avoid autonomous destructive actions. always:true is not set. Included scripts do not create persistent privileged state. Overall persistence/privilege requests are appropriate for a user-driven integration.
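How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-yatta-skill
  3. Once installation completes, call the Skill by name or trigger it with /openclaw-yatta-skill
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history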
v0.2.2
Registry metadata sync: Add requires.env, requires.anyBins, and primaryEnv to package.json. Fixes 'Required env vars: none' display issue. Expected ClawHub rating: BENIGN.
v0.2.1
Metadata fix: Add top-level disable-model-invocation field, declare optional verification tools (openssl, dig), update description to document v0.2.0 security fixes. VirusTotal: BENIGN (confirmed). Expected ClawHub: BENIGN.
v0.2.0
Security fixes for all VirusTotal findings: Eliminated RCE vulnerability, added endpoint verification, fixed metadata inconsistency. All safe jq patterns, comprehensive security documentation, verification tools included.
v0.1.3
Enhanced skill description with comprehensive feature coverage. Now highlights core Yatta! functionality including task management with rich attributes, capacity planning to prevent overcommitment, time tracking and streaks, Eisenhower Matrix prioritization, calendar integration, delegation management, AI-powered insights, batch operations, and multi-project workflows. No code changes - description improvements only for better discoverability on ClawdHub.
v0.1.2
Add requires.env and primaryEnv to metadata for ClawHub evaluator compatibility. Aligns with OpenClaw security team requirements.
v0.1.1
Security improvements: Added comprehensive security controls including disable-model-invocation flag, capability declarations, credential documentation, and complete API operation reference (36 operations documented). Addresses all ClawdHub security best practices.
v0.1.0
Initial release of the Yatta! skill for OpenClaw.
- Manage Yatta! tasks, projects, and contexts via API with bash and curl/jq.
- Includes setup instructions and full environment variable configuration for API access.
- Supports listing, filtering, creating, updating, and archiving tasks with numerous query options.
- Provides API examples for managing projects and assigning contexts.
- Documents all endpoints and advanced queries with ready-to-run curl commands.
Metadata
Slug openclaw-yatta-skill
Version 0.2.2
License
Total installs 1
Current installs 1
Number of versions 7
Frequently asked questions

What is Yatta! - Task & Capacity Management?

Personal productivity system for task and capacity management. Create and organize tasks with rich attributes (priority, effort, complexity, tags), track tim... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1340 total downloads so far.

How do I install Yatta! - Task & Capacity Management?

Run the command "/install openclaw-yatta-skill" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Yatta! - Task & Capacity Management free?

Yes, Yatta! - Task & Capacity Management is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Yatta! - Task & Capacity Management support?

Yatta! - Task & Capacity Management runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Yatta! - Task & Capacity Management?

It is developed and maintained by Giddy (@chrisagiddings); the current version is v0.2.2.
