Taskboard Cli
Author: Bingji Guo · v3.0.1 · MIT-0
Total downloads: 233
Favorites: 0
Current installs: 0
Versions: 10
Install in OpenClaw
/install taskboard-cli
Description
Lightweight task management CLI for multi-agent workflows. SQLite backend, no external dependencies or credentials. Status-change hooks emit agent instructio...
Security recommendations
What to consider before installing:
- The shipped Python CLI (scripts/taskboard.py) appears to be a local SQLite tool and does not itself make network calls — that part is coherent and low-risk.
- The reference docs, however, describe optional GitHub and webhook integrations that require you to supply tokens (e.g., GITHUB_TOKEN, Discord webhooks) and run wrapper scripts that perform network requests. These integrations are not declared in the registry metadata — treat them as opt-in and only provide secrets to trusted processes.
- Documentation inconsistencies: one reference uses a JSON file-based model (taskboard.json) while the actual code uses SQLite; this suggests stale or copy-pasted docs. Verify which backend you will use before relying on automation.
- The CLI lets you override the DB path (--db). Don't point it at system or sensitive files; running the tool with a path you don't control could read/overwrite data with the running user's permissions.
- Hooks are printed to stdout and may contain instructions that an agent could act on (e.g., send messages, spawn sessions). Ensure your agents do not auto-execute hook output unless you trust the source and have validation/sanitization in place.
- Recommended actions: inspect the full scripts/taskboard.py (including the truncated portion), run the tool in an isolated/sandbox environment, and if you enable GitHub/webhook integrations, use least-privilege tokens and separate service accounts. If anything in the references will be run automatically by an agent, require explicit user approval before providing credentials or enabling networked wrappers.
Functional analysis
Type: OpenClaw Skill
Name: taskboard-cli
Version: 3.0.1
The taskboard-cli skill is a legitimate SQLite-based task management tool for multi-agent workflows. The Python implementation (scripts/taskboard.py) follows security best practices, such as using parameterized queries to prevent SQL injection and restricting file operations to the local database. The 'Hooks' feature, which emits instructions for agents to follow upon task status changes, is a documented orchestration mechanism and lacks any evidence of malicious intent or hidden prompt-injection attacks. The documentation (references/github-backend.md and others) provides standard integration guides without requesting unauthorized access or exfiltrating data.
Capability assessment
Purpose & Capability
The package's name/description and the included script indicate a local SQLite-backed CLI with no required credentials — that matches most of the code. However, reference docs include optional GitHub and webhook integrations that require external tokens and network calls (GITHUB_TOKEN, Discord webhooks). Another reference (taskboard-setup.md) describes a taskboard.json storage model that contradicts the actual SQLite schema and scripts. These documentation inconsistencies mean the stated purpose ('no external dependencies or credentials') is not uniformly true across the repository.
Instruction Scope
SKILL.md and scripts/taskboard.py implement only local DB operations and emit hook lines to stdout; hooks are intentionally formatted for agents to read and act on. That is within scope. However, the references show example wrapper scripts and cron/webhook patterns that would parse hook output and make network calls — those wrappers live outside the skill but the docs teach how to wire them up. Also the CLI allows an arbitrary --db path, which can read/write any file the running user allows; this is expected functionality but worth noting as an escalation vector if the DB path is pointed at sensitive files.
Install Mechanism
No install spec is provided and no external packages are automatically downloaded; the skill ships source files (Python + SQL) and appears to be instruction-only in terms of installation. This is low-risk from installation mechanics.
Credentials
Registry metadata declares no required environment variables or primary credential, and the CLI itself doesn't require env vars. But references/github-backend.md explicitly instructs using GITHUB_TOKEN and shows curl commands that would send that token. references/webhook-integration.md shows storing webhook URLs/tokens in config. These are optional integrations, but the SKILL.md's blanket claim of 'no credentials' is misleading; users could be prompted to provide sensitive tokens to adapters described in the docs.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is not persistent beyond its files. It creates/uses a local DB (default scripts/taskboard.db) which is reasonable for a CLI tool. The ability to override --db is normal but should be used carefully.
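How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install taskboard-cli
- Once installation completes, invoke the Skill by name or trigger it with /taskboard-cli
- Provide the required input according to the Skill's parameter description to get structured output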
Version history
v3.0.1
Add rejected status back (todo/in_progress/done/blocked/rejected)
v3.0.0
SQLite backend (replaces JSON). No urllib/subprocess/os.environ. 4 statuses: todo/in_progress/done/blocked. Hooks print to stdout only.
v2.1.0
Simplified statuses: todo/in-progress/done/blocked. Removed review and rejected. Use hooks for review workflows (create follow-up tasks, notify agents).
v2.0.1
Removed test file from package (contained subprocess import that triggered security scan). Tests kept locally, not shipped.
v2.0.0
v2: Removed all network code. Pure local JSON, zero external deps. GitHub sync moved to reference doc (agent-guided). No urllib/subprocess/os.environ. 30 tests passing.
v1.2.2
Declared GITHUB_TOKEN requirement and hook behavior in frontmatter description (metadata level). GitHub backend optional, hooks emit instructions only.
v1.2.1
Added explicit credential docs: GITHUB_TOKEN requirement declared in SKILL.md, security notes for hooks and GitHub sync, least-privilege token guidance.
v1.2.0
Removed exec hooks (security). Hooks now support message + session only. 32 tests passing.
v1.1.0
Added hooks system: on-done/on-review/on-change triggers with message/session/exec actions, template interpolation, add-hook command, transition matching. 32 tests passing.
v1.0.0
Pluggable task management CLI for multi-agent workflows. Local JSON + GitHub Issues backend. Task lifecycle, cross-agent handoffs, cron-friendly summaries.
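FAQ
What is Taskboard Cli?
Lightweight task management CLI for multi-agent workflows. SQLite backend, no external dependencies or credentials. Status-change hooks emit agent instructio... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 233 downloads to date.
How do I install Taskboard Cli?
Run the command "/install taskboard-cli" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Taskboard Cli free?
Yes, Taskboard Cli is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Taskboard Cli support?
Taskboard Cli is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Taskboard Cli?
It is developed and maintained by Bingji Guo (@ckouder); the current version is v3.0.1.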