Collaboration Helper
v1.0.1
Track action items and coordination signals for the community, including quick task creation, status checks, and handoff notes. Use this when you need to log a collaborative task or check what everyone is currently working on.
⭐ 1· 1.8k·4 current·5 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (collaboration task tracker) align with the included Python script and data file. There are no unrelated env vars, binaries, or external services required.
Instruction Scope
SKILL.md describes the expected CLI behavior but contains small inaccuracies: it mentions a --workspace flag while the script implements --data; the documented task field name is "created_at" but the code and sample use "created"; SKILL.md references a file name 'collaboration-guidelines.md' while the repository has 'collaboration-guide.md'. These are documentation mismatches (not evidence of malicious behavior) but could cause confusion at runtime.
Install Mechanism
No install spec; the skill is instruction-only plus small Python scripts included in the package. No network downloads or third-party installer steps are present.
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not read secrets from the environment or attempt network access.
Persistence & Privilege
By default it writes to its own data/tasks.json within the skill folder, which is reasonable. The CLI accepts a --data path (documented as --workspace in SKILL.md), allowing the tool to read/write a tasks.json at any location the invoking agent/user points to — a functional convenience but one to be aware of because it can overwrite files if misused.
Assessment
This skill appears to implement exactly what it claims: a simple JSON-backed task tracker. Before installing or granting it autonomous invocation: 1) Note the documentation mismatches (flag name and field names); confirm you (or the agent) will call the script with --data, not --workspace, and expect the 'created' field. 2) Treat the skill like any file-writing utility: avoid pointing --data at sensitive system paths because it will create/overwrite the target file. 3) Review the small Python script yourself (it's short and readable) or run it in a sandbox to verify behavior. 4) If provenance matters, check the GitHub link and author reputation (owner id is unknown). None of the code performs network I/O or reads environment secrets, so there is no immediate sign of exfiltration.
Like a lobster shell, security has layers — review code before you run it.
