{ "schemaVersion": "1.0", "item": { "slug": "openclaw-yatta-skill", "name": "Yatta! - Task & Capacity Management", "source": "tencent", "type": "skill", "category": "效率提升", "sourceUrl": "https://clawhub.ai/chrisagiddings/openclaw-yatta-skill", "canonicalUrl": "https://clawhub.ai/chrisagiddings/openclaw-yatta-skill", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/openclaw-yatta-skill", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-yatta-skill", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "API-REFERENCE.md", "CHANGELOG.md", "README.md", "SECURITY-ASSESSMENT-ISSUE-15.md", "SECURITY-ASSESSMENT-ISSUE-16.md", "SECURITY-ASSESSMENT-ISSUE-17.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openclaw-yatta-skill" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw-yatta-skill", "agentPageUrl": "https://openagent3.xyz/skills/openclaw-yatta-skill/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-yatta-skill/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-yatta-skill/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Yatta! Skill", "body": "Interact with Yatta! task management system via API. Requires an API key from your Yatta! account." }, { "title": "⚠️ Security Warning", "body": "This skill can perform DESTRUCTIVE operations on your Yatta! account:\n\nTask Management: Create, update, archive, and batch-modify tasks\nProject Management: Create, update, and archive projects\nContext Management: Create contexts and assign them to tasks\nComment Management: Add, update, and delete task comments\nCalendar Management: Create, sync, and modify calendar subscriptions\nFollow-Up Management: Update delegation schedules and mark complete\nCapacity Management: Trigger capacity computations\n\nOperation Types:\n\nRead-Only Operations (✅ Safe):\n\nList tasks, projects, contexts, comments\nGet analytics, insights, streaks\nView capacity and calendar data\nGet Eisenhower Matrix view\nAll GET requests\n\nDestructive Operations (⚠️ Modify or delete data):\n\nCreate/update/archive tasks (POST, PUT, DELETE)\nBatch update tasks\nCreate/update projects\nCreate/assign contexts\nAdd/update/delete comments\nAdd/sync calendar subscriptions\nUpdate follow-up schedules\nAll POST, PUT, DELETE requests\n\nBest Practices:\n\nReview commands before running - Check what the API call will do\nNo undo for deletions - Archived tasks can be recovered, but some operations are permanent\nTest on non-critical data first - Create test tasks/projects to verify behavior\nBatch operations affect multiple items - Be extra careful with batch updates\nReal-time sync - Changes appear in Yatta! UI immediately\n\nFor detailed API operation documentation, see API-REFERENCE.md." }, { "title": "⚠️ API Key Security", "body": "Your Yatta! API key provides FULL access to your account:\n\nCan create, read, update, and delete ALL tasks, projects, contexts\nCan modify calendar subscriptions and follow-up schedules\nCan archive data and trigger computations\nNo read-only scopes available - keys have full permissions\n\nSecurity Best Practices:\n\nStore keys in a secure password manager (1Password CLI recommended)\nUse environment variables, never hardcode keys in scripts\nRotate keys regularly (every 90 days recommended)\nCreate separate keys for different integrations\nRevoke unused keys immediately\nNever commit keys to version control" }, { "title": "1. Get Your API Key", "body": "Log into Yatta! app\nGo to Settings → API Keys\nCreate new key (e.g., \"OpenClaw Integration\")\nCopy the yatta_... key\nStore it securely" }, { "title": "2. Configure the Skill", "body": "Option A: Environment Variables (Recommended)\n\n# Add to your shell profile (~/.zshrc, ~/.bashrc)\nexport YATTA_API_KEY=\"yatta_your_key_here\"\nexport YATTA_API_URL=\"https://zunahvofybvxpptjkwxk.supabase.co/functions/v1\" # Default\n\nOption B: 1Password CLI (Most Secure)\n\n# Store key in 1Password\nop item create --category=API_CREDENTIAL \\\n --title=\"Yatta API Key\" \\\n api_key[password]=\"yatta_your_key_here\"\n\n# Use in commands\nexport YATTA_API_KEY=$(op read \"op://Private/Yatta API Key/api_key\")" }, { "title": "⚠️ API Endpoint Verification", "body": "The default API endpoint is hosted on Supabase:\n\nDefault URL: https://zunahvofybvxpptjkwxk.supabase.co/functions/v1\nProject: Yatta! production backend\nOwner: Chris Giddings (chris@chrisgiddings.net)\nApp: https://yattadone.com\n\nWhy Supabase?\n\nYatta! uses Supabase as its backend infrastructure\nThe URL is a direct Supabase project endpoint\nBranded URL (api.yattadone.com) is on the roadmap\n\nVerification steps:\n\nVerify app ownership:\n\nVisit https://yattadone.com\nCheck Settings → About or footer for API endpoint confirmation\n\n\n\nCheck SSL certificate:\nopenssl s_client -connect zunahvofybvxpptjkwxk.supabase.co:443 \\\n -servername zunahvofybvxpptjkwxk.supabase.co < /dev/null 2>&1 \\\n | openssl x509 -noout -subject -issuer\n\n\n\nRun verification script:\n# Automated endpoint verification\nbash scripts/verify-endpoint.sh\n\n\n\nContact support if uncertain:\n\nEmail: support@yattadone.com\nOnly send API keys to verified endpoints\n\nBranded URL (Coming Soon):\n\nFuture: https://api.yattadone.com/v1\nCurrent Supabase URL will continue to work\nSkill will auto-update default when branded URL is live\n\nSecurity note:\nOnly send your API key to endpoints you trust and have verified.\nIf you prefer to wait for the branded API URL, that's a valid security choice." }, { "title": "3. Test Connection", "body": "curl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[:3]' # Show first 3 tasks" }, { "title": "🔒 Security: Input Validation", "body": "⚠️ CRITICAL: This skill is vulnerable to shell and JSON injection if user input is not properly sanitized." }, { "title": "Safe Coding Patterns (Required)", "body": "ALL examples in this skill use safe patterns:\n\n✅ JSON payloads: Built with jq -n --arg (prevents JSON injection)\n✅ URL parameters: Encoded with jq -sRr @uri (prevents shell injection)\n✅ No direct string interpolation in JSON or URLs" }, { "title": "Quick Reference", "body": "# ✅ SAFE: JSON construction\nPAYLOAD=$(jq -n --arg title \"$TITLE\" '{title: $title}')\ncurl -d \"$PAYLOAD\" ...\n\n# ✅ SAFE: URL encoding\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\ncurl \"$API_URL/tasks/$TASK_ID_ENCODED\" ...\n\n# ✅ BEST: Use wrapper functions\nsource scripts/yatta-safe-api.sh\nyatta_create_task \"Finish report\" \"high\"" }, { "title": "Why This Matters", "body": "Unsafe patterns can lead to:\n\nAPI key exfiltration\nArbitrary command execution (RCE)\nData manipulation and corruption\n\nSee SECURITY.md for:\n\nDetailed vulnerability examples\nAttack scenarios and impact\nSafe coding patterns\nTesting guidelines\n\nSee scripts/yatta-safe-api.sh for:\n\nPre-built safe wrapper functions\nReady-to-use examples\nZero boilerplate" }, { "title": "🎯 Invocation Policy", "body": "This skill requires MANUAL invocation only." }, { "title": "Policy Details", "body": "Setting: disable-model-invocation: true\n\nWhat this means:\n\nAgent will NOT automatically invoke Yatta! operations\nUser must explicitly request each action\nNo background task creation or modification\nAll operations require clear user intent" }, { "title": "Why Manual-Only?", "body": "Security rationale:\n\nFull account access: Yatta! API keys grant complete account access\nNo read-only scopes: No way to limit API key permissions\nDestructive operations: Can delete/archive/modify data permanently\nUser oversight required: Changes should be reviewed before execution" }, { "title": "Examples", "body": "❌ Autonomous (NOT allowed):\n\nUser: \"I should probably archive old tasks\"\nAgent: *silently archives tasks without confirmation*\n\n✅ Manual (Required):\n\nUser: \"Please archive tasks older than 30 days\"\nAgent: *executes explicit request, shows results*" }, { "title": "Policy Enforcement", "body": "How it works:\n\nSkill metadata declares disable-model-invocation: true\nOpenClaw respects this setting\nAgent requires explicit user commands\nNo autonomous background operations\n\nVerification:\n\n# Check package.json\njq '.openclaw[\"disable-model-invocation\"]' package.json\n# Should output: true\n\n# Check SKILL.md frontmatter\ngrep \"disable-model-invocation\" SKILL.md\n# Should show: \"disable-model-invocation\":true" }, { "title": "If You See Unexpected Operations", "body": "If Yatta! operations happen without your explicit request:\n\nStop immediately - This indicates a policy violation\nRevoke API key - Create new key in Yatta! Settings → API Keys\nFile issue - https://github.com/chrisagiddings/openclaw-yatta-skill/issues\nReport to OpenClaw - Policy enforcement bug\n\nThis should never happen - manual invocation is a security requirement." }, { "title": "List Tasks", "body": "All tasks:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nFilter by status:\n\n# TODO tasks only\ncurl -s \"$YATTA_API_URL/tasks?status=todo\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# Doing (active) tasks\ncurl -s \"$YATTA_API_URL/tasks?status=doing\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# Completed tasks\ncurl -s \"$YATTA_API_URL/tasks?status=done\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nFilter by priority:\n\n# High priority tasks\ncurl -s \"$YATTA_API_URL/tasks?priority=high\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, due_date, priority}'\n\nFilter by project:\n\n# Get project ID first\nPROJECT_ID=$(curl -s \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | select(.name==\"Website Redesign\") | .id')\n\n# Get tasks for that project (URL-encode query parameter)\nPROJECT_ID_ENCODED=$(printf %s \"$PROJECT_ID\" | jq -sRr @uri)\ncurl -s \"$YATTA_API_URL/tasks?project_id=$PROJECT_ID_ENCODED\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nFilter by matrix state:\n\n# Delegated tasks\ncurl -s \"$YATTA_API_URL/tasks?matrix_state=delegated\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, delegated_to, follow_up_date}'\n\n# Waiting tasks\ncurl -s \"$YATTA_API_URL/tasks?matrix_state=waiting\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nDate range queries:\n\n# Tasks due this week\nWEEK_END=$(date -v+7d \"+%Y-%m-%d\")\ncurl -s \"$YATTA_API_URL/tasks?due_date_lte=$WEEK_END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, due_date}'\n\n# Overdue tasks\nTODAY=$(date \"+%Y-%m-%d\")\ncurl -s \"$YATTA_API_URL/tasks?due_date_lte=$TODAY&status=todo\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, due_date}'\n\nPagination:\n\n# First 50 tasks\ncurl -s \"$YATTA_API_URL/tasks?limit=50&offset=0\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# Next 50 tasks\ncurl -s \"$YATTA_API_URL/tasks?limit=50&offset=50\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nArchived tasks:\n\ncurl -s \"$YATTA_API_URL/tasks?archived=true\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Create Task", "body": "Simple task:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Finish report\",\n \"priority\": \"high\"\n }' \\\n | jq '.'\n\nTask with full details:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Review Q1 numbers\",\n \"description\": \"Go through revenue, costs, and projections\",\n \"priority\": \"high\",\n \"due_date\": \"2026-02-15\",\n \"effort_points\": 5,\n \"project_id\": \"uuid-of-project\",\n \"matrix_state\": \"active\"\n }' \\\n | jq '.'\n\nDelegated task with follow-up:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Website redesign\",\n \"delegated_to\": \"Dev Team\",\n \"matrix_state\": \"delegated\",\n \"follow_up_schedule\": {\n \"type\": \"weekly\",\n \"day_of_week\": \"monday\",\n \"next_follow_up\": \"2026-02-17\"\n }\n }' \\\n | jq '.'\n\nRecurring task:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Team standup\",\n \"recurrence_rule\": {\n \"frequency\": \"daily\",\n \"interval\": 1,\n \"days_of_week\": [\"monday\", \"tuesday\", \"wednesday\", \"thursday\", \"friday\"]\n },\n \"effort_points\": 1\n }' \\\n | jq '.'" }, { "title": "Update Task", "body": "Update single task:\n\n# ✅ SAFE: Use jq to build JSON payload\nTASK_ID=\"uuid-of-task\"\nPAYLOAD=$(jq -n \\\n --arg id \"$TASK_ID\" \\\n --arg status \"done\" \\\n --arg completed_at \"$(date -u +\"%Y-%m-%dT%H:%M:%SZ\")\" \\\n '{id: $id, status: $status, completed_at: $completed_at}')\n\ncurl -s -X PUT \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nBatch update tasks:\n\ncurl -s -X PUT \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"ids\": [\"uuid-1\", \"uuid-2\", \"uuid-3\"],\n \"priority\": \"high\",\n \"project_id\": \"project-uuid\"\n }' \\\n | jq '.'" }, { "title": "Archive Task", "body": "# ✅ SAFE: Use jq to build JSON payload\nTASK_ID=\"uuid-of-task\"\nPAYLOAD=$(jq -n --arg id \"$TASK_ID\" '{id: $id}')\n\ncurl -s -X DELETE \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'" }, { "title": "List Projects", "body": "# All projects\ncurl -s \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# With task counts\ncurl -s \"$YATTA_API_URL/projects?with_counts=true\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {name, task_count, open_count}'" }, { "title": "Create Project", "body": "curl -s \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\": \"Website Redesign\",\n \"description\": \"Complete overhaul of company site\",\n \"color\": \"#3b82f6\",\n \"icon\": \"🌐\"\n }' \\\n | jq '.'" }, { "title": "Update Project", "body": "# ✅ SAFE: Use jq to build JSON payload\nPROJECT_ID=\"uuid-of-project\"\nPAYLOAD=$(jq -n \\\n --arg id \"$PROJECT_ID\" \\\n --arg name \"Website Redesign v2\" \\\n --argjson archived false \\\n '{id: $id, name: $name, archived: $archived}')\n\ncurl -s -X PUT \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'" }, { "title": "Get Project Tasks", "body": "# ✅ SAFE: URL-encode path parameter\nPROJECT_ID=\"uuid-of-project\"\nPROJECT_ID_ENCODED=$(printf %s \"$PROJECT_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/projects/$PROJECT_ID_ENCODED/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "List Contexts", "body": "# All contexts\ncurl -s \"$YATTA_API_URL/contexts\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# With task counts\ncurl -s \"$YATTA_API_URL/contexts?with_counts=true\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {name, task_count}'" }, { "title": "Create Context", "body": "curl -s \"$YATTA_API_URL/contexts\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\": \"@deep-focus\",\n \"color\": \"#8b5cf6\",\n \"icon\": \"🧠\"\n }' \\\n | jq '.'" }, { "title": "Assign Context to Task", "body": "# ✅ SAFE: Use jq to build JSON payload with arrays\nTASK_ID=\"uuid-of-task\"\nCONTEXT_ID=\"uuid-of-context\"\n\nPAYLOAD=$(jq -n \\\n --arg task_id \"$TASK_ID\" \\\n --arg context_id \"$CONTEXT_ID\" \\\n '{task_id: $task_id, context_ids: [$context_id]}')\n\ncurl -s -X POST \"$YATTA_API_URL/contexts/assign\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'" }, { "title": "Get Task Contexts", "body": "# ✅ SAFE: URL-encode path parameter\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/contexts\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Get Context Tasks", "body": "# ✅ SAFE: URL-encode path parameter\nCONTEXT_ID=\"uuid-of-context\"\nCONTEXT_ID_ENCODED=$(printf %s \"$CONTEXT_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/contexts/$CONTEXT_ID_ENCODED/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "List Task Comments", "body": "# ✅ SAFE: URL-encode path parameter\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Add Comment", "body": "# ✅ SAFE: URL-encode path + jq for JSON\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\nPAYLOAD=$(jq -n \\\n --arg content \"Waiting on client feedback before proceeding\" \\\n '{content: $content}')\n\ncurl -s -X POST \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'" }, { "title": "Update Comment", "body": "# ✅ SAFE: Use jq to build JSON payload\nCOMMENT_ID=\"uuid-of-comment\"\nPAYLOAD=$(jq -n \\\n --arg id \"$COMMENT_ID\" \\\n --arg content \"Client responded, moving forward\" \\\n '{id: $id, content: $content}')\n\ncurl -s -X PUT \"$YATTA_API_URL/task-comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'" }, { "title": "Delete Comment", "body": "# ✅ SAFE: Use jq to build JSON payload\nCOMMENT_ID=\"uuid-of-comment\"\nPAYLOAD=$(jq -n --arg id \"$COMMENT_ID\" '{id: $id}')\n\ncurl -s -X DELETE \"$YATTA_API_URL/task-comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'" }, { "title": "Get Today's Follow-Ups", "body": "curl -s \"$YATTA_API_URL/follow-ups\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, delegated_to, follow_up_date}'" }, { "title": "Get Follow-Ups for Date", "body": "DATE=\"2026-02-15\"\ncurl -s \"$YATTA_API_URL/follow-ups?date=$DATE\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Mark Follow-Up Complete", "body": "# ✅ SAFE: URL-encode path parameter\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\ncurl -s -X POST \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/follow-up\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{}' \\\n | jq '.'" }, { "title": "Update Follow-Up Schedule", "body": "# ✅ SAFE: URL-encode path + jq for JSON\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\nPAYLOAD=$(jq -n \\\n --arg type \"every_n_days\" \\\n --argjson interval 3 \\\n --arg next_follow_up \"2026-02-12\" \\\n '{type: $type, interval: $interval, next_follow_up: $next_follow_up}')\n\ncurl -s -X PUT \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/follow-up-schedule\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'" }, { "title": "List Calendar Subscriptions", "body": "curl -s \"$YATTA_API_URL/calendar/subscriptions\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Add Calendar Subscription", "body": "curl -s -X POST \"$YATTA_API_URL/calendar/subscriptions\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\": \"Work Calendar\",\n \"ical_url\": \"https://calendar.google.com/calendar/ical/...\",\n \"default_context_id\": \"context-uuid\"\n }' \\\n | jq '.'" }, { "title": "Trigger Calendar Sync", "body": "# ✅ SAFE: URL-encode path parameter\nSUBSCRIPTION_ID=\"uuid-of-subscription\"\nSUBSCRIPTION_ID_ENCODED=$(printf %s \"$SUBSCRIPTION_ID\" | jq -sRr @uri)\n\ncurl -s -X POST \"$YATTA_API_URL/calendar/subscriptions/$SUBSCRIPTION_ID_ENCODED/sync\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "List Calendar Events", "body": "# Events for date range\nSTART=\"2026-02-10\"\nEND=\"2026-02-17\"\ncurl -s \"$YATTA_API_URL/calendar/events?start=$START&end=$END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Get Today's Capacity", "body": "curl -s \"$YATTA_API_URL/capacity/today\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '{date, utilization_percent, status, used_minutes, total_minutes}'" }, { "title": "Get Capacity for Date Range", "body": "START=\"2026-02-10\"\nEND=\"2026-02-17\"\ncurl -s \"$YATTA_API_URL/capacity?start=$START&end=$END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {date, status, utilization_percent}'" }, { "title": "Trigger Capacity Computation", "body": "curl -s -X POST \"$YATTA_API_URL/capacity/compute\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Get Summary Insights", "body": "curl -s \"$YATTA_API_URL/analytics/summary\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Get Velocity Metrics", "body": "curl -s \"$YATTA_API_URL/analytics/velocity\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Get Task Distribution", "body": "curl -s \"$YATTA_API_URL/analytics/distribution\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '{by_status, by_priority, by_matrix_state}'" }, { "title": "Get Streaks", "body": "curl -s \"$YATTA_API_URL/analytics/streaks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Get AI Insights", "body": "curl -s \"$YATTA_API_URL/analytics/insights\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'" }, { "title": "Get Eisenhower Matrix View", "body": "curl -s \"$YATTA_API_URL/tasks/matrix\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '{do_first, schedule, delegate, eliminate}'" }, { "title": "Daily Workflow Automation", "body": "Morning briefing:\n\n#!/bin/bash\necho \"=== Today's Tasks ===\"\ncurl -s \"$YATTA_API_URL/tasks?status=todo&due_date_lte=$(date +%Y-%m-%d)\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"- [\\(.priority)] \\(.title)\"'\n\necho \"\"\necho \"=== Follow-Ups Due ===\"\ncurl -s \"$YATTA_API_URL/follow-ups\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"- \\(.title) (delegated to: \\(.delegated_to))\"'\n\necho \"\"\necho \"=== Capacity Status ===\"\ncurl -s \"$YATTA_API_URL/capacity/today\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '\"Utilization: \\(.utilization_percent)% - \\(.status)\"'" }, { "title": "Create Task from Email", "body": "#!/bin/bash\n# Extract email subject and body\nSUBJECT=\"$1\"\nBODY=\"$2\"\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"'\"$SUBJECT\"'\",\n \"description\": \"'\"$BODY\"'\",\n \"priority\": \"medium\",\n \"import_source\": \"email\"\n }' \\\n | jq -r '\"Task created: \\(.title)\"'" }, { "title": "Weekly Planning Report", "body": "#!/bin/bash\nWEEK_START=$(date -v+mon \"+%Y-%m-%d\")\nWEEK_END=$(date -v+sun \"+%Y-%m-%d\")\n\necho \"=== Week of $WEEK_START ===\"\ncurl -s \"$YATTA_API_URL/capacity?start=$WEEK_START&end=$WEEK_END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"\\(.date): \\(.status) (\\(.utilization_percent)%)\"'\n\necho \"\"\necho \"=== Tasks Due This Week ===\"\ncurl -s \"$YATTA_API_URL/tasks?due_date_gte=$WEEK_START&due_date_lte=$WEEK_END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"[\\(.due_date)] \\(.title)\"'" }, { "title": "Error Handling", "body": "Check response status:\n\nRESPONSE=$(curl -s -w \"\\n%{http_code}\" \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\")\n\nSTATUS=$(echo \"$RESPONSE\" | tail -n1)\nBODY=$(echo \"$RESPONSE\" | sed '$d')\n\nif [ \"$STATUS\" -eq 200 ]; then\n echo \"$BODY\" | jq '.'\nelse\n echo \"Error: HTTP $STATUS\"\n echo \"$BODY\" | jq '.error'\nfi\n\nRate limit handling:\n\nRESPONSE=$(curl -s -i \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\")\n\n# Check X-RateLimit headers\nREMAINING=$(echo \"$RESPONSE\" | grep -i \"X-RateLimit-Remaining\" | cut -d' ' -f2)\nRESET=$(echo \"$RESPONSE\" | grep -i \"X-RateLimit-Reset\" | cut -d' ' -f2)\n\nif [ \"$REMAINING\" -lt 10 ]; then\n echo \"Warning: Only $REMAINING requests remaining\"\n echo \"Rate limit resets at: $(date -r $RESET)\"\nfi" }, { "title": "Tips", "body": "Store API key securely: Use 1Password CLI, env vars, or secrets manager\nUse jq for filtering: Pipe responses through jq for clean output\nBatch operations: Update multiple tasks at once when possible\nRate limits: 100 requests/minute per API key\nDate formats: Always use ISO 8601 (YYYY-MM-DD for dates, YYYY-MM-DDTHH:MM:SSZ for timestamps)\nError responses: Include error field with description" }, { "title": "Resources", "body": "API Documentation: Yatta! API Docs (coming soon)\nGitHub Repo: https://github.com/chrisagiddings/openclaw-yatta-skill\nReport Issues: https://github.com/chrisagiddings/openclaw-yatta-skill/issues" }, { "title": "API URL Note", "body": "Currently using the direct Supabase Edge Functions URL for reliability:\n\nhttps://zunahvofybvxpptjkwxk.supabase.co/functions/v1\n\nBranded URLs (yattadone.com/api) will be available in a future release once proxy configuration is resolved with the hosting provider." } ], "body": "Yatta! Skill\n\nInteract with Yatta! task management system via API. Requires an API key from your Yatta! account.\n\n⚠️ Security Warning\n\nThis skill can perform DESTRUCTIVE operations on your Yatta! account:\n\nTask Management: Create, update, archive, and batch-modify tasks\nProject Management: Create, update, and archive projects\nContext Management: Create contexts and assign them to tasks\nComment Management: Add, update, and delete task comments\nCalendar Management: Create, sync, and modify calendar subscriptions\nFollow-Up Management: Update delegation schedules and mark complete\nCapacity Management: Trigger capacity computations\n\nOperation Types:\n\nRead-Only Operations (✅ Safe):\n\nList tasks, projects, contexts, comments\nGet analytics, insights, streaks\nView capacity and calendar data\nGet Eisenhower Matrix view\nAll GET requests\n\nDestructive Operations (⚠️ Modify or delete data):\n\nCreate/update/archive tasks (POST, PUT, DELETE)\nBatch update tasks\nCreate/update projects\nCreate/assign contexts\nAdd/update/delete comments\nAdd/sync calendar subscriptions\nUpdate follow-up schedules\nAll POST, PUT, DELETE requests\n\nBest Practices:\n\nReview commands before running - Check what the API call will do\nNo undo for deletions - Archived tasks can be recovered, but some operations are permanent\nTest on non-critical data first - Create test tasks/projects to verify behavior\nBatch operations affect multiple items - Be extra careful with batch updates\nReal-time sync - Changes appear in Yatta! UI immediately\n\nFor detailed API operation documentation, see API-REFERENCE.md.\n\nSetup\n⚠️ API Key Security\n\nYour Yatta! API key provides FULL access to your account:\n\nCan create, read, update, and delete ALL tasks, projects, contexts\nCan modify calendar subscriptions and follow-up schedules\nCan archive data and trigger computations\nNo read-only scopes available - keys have full permissions\n\nSecurity Best Practices:\n\nStore keys in a secure password manager (1Password CLI recommended)\nUse environment variables, never hardcode keys in scripts\nRotate keys regularly (every 90 days recommended)\nCreate separate keys for different integrations\nRevoke unused keys immediately\nNever commit keys to version control\n1. Get Your API Key\nLog into Yatta! app\nGo to Settings → API Keys\nCreate new key (e.g., \"OpenClaw Integration\")\nCopy the yatta_... key\nStore it securely\n2. Configure the Skill\n\nOption A: Environment Variables (Recommended)\n\n# Add to your shell profile (~/.zshrc, ~/.bashrc)\nexport YATTA_API_KEY=\"yatta_your_key_here\"\nexport YATTA_API_URL=\"https://zunahvofybvxpptjkwxk.supabase.co/functions/v1\" # Default\n\n\nOption B: 1Password CLI (Most Secure)\n\n# Store key in 1Password\nop item create --category=API_CREDENTIAL \\\n --title=\"Yatta API Key\" \\\n api_key[password]=\"yatta_your_key_here\"\n\n# Use in commands\nexport YATTA_API_KEY=$(op read \"op://Private/Yatta API Key/api_key\")\n\n⚠️ API Endpoint Verification\n\nThe default API endpoint is hosted on Supabase:\n\nDefault URL: https://zunahvofybvxpptjkwxk.supabase.co/functions/v1\nProject: Yatta! production backend\nOwner: Chris Giddings (chris@chrisgiddings.net)\nApp: https://yattadone.com\n\nWhy Supabase?\n\nYatta! uses Supabase as its backend infrastructure\nThe URL is a direct Supabase project endpoint\nBranded URL (api.yattadone.com) is on the roadmap\n\nVerification steps:\n\nVerify app ownership:\n\nVisit https://yattadone.com\nCheck Settings → About or footer for API endpoint confirmation\n\nCheck SSL certificate:\n\nopenssl s_client -connect zunahvofybvxpptjkwxk.supabase.co:443 \\\n -servername zunahvofybvxpptjkwxk.supabase.co < /dev/null 2>&1 \\\n | openssl x509 -noout -subject -issuer\n\n\nRun verification script:\n\n# Automated endpoint verification\nbash scripts/verify-endpoint.sh\n\n\nContact support if uncertain:\n\nEmail: support@yattadone.com\nOnly send API keys to verified endpoints\n\nBranded URL (Coming Soon):\n\nFuture: https://api.yattadone.com/v1\nCurrent Supabase URL will continue to work\nSkill will auto-update default when branded URL is live\n\nSecurity note: Only send your API key to endpoints you trust and have verified. If you prefer to wait for the branded API URL, that's a valid security choice.\n\n3. Test Connection\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[:3]' # Show first 3 tasks\n\n🔒 Security: Input Validation\n\n⚠️ CRITICAL: This skill is vulnerable to shell and JSON injection if user input is not properly sanitized.\n\nSafe Coding Patterns (Required)\n\nALL examples in this skill use safe patterns:\n\n✅ JSON payloads: Built with jq -n --arg (prevents JSON injection)\n✅ URL parameters: Encoded with jq -sRr @uri (prevents shell injection)\n✅ No direct string interpolation in JSON or URLs\nQuick Reference\n# ✅ SAFE: JSON construction\nPAYLOAD=$(jq -n --arg title \"$TITLE\" '{title: $title}')\ncurl -d \"$PAYLOAD\" ...\n\n# ✅ SAFE: URL encoding\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\ncurl \"$API_URL/tasks/$TASK_ID_ENCODED\" ...\n\n# ✅ BEST: Use wrapper functions\nsource scripts/yatta-safe-api.sh\nyatta_create_task \"Finish report\" \"high\"\n\nWhy This Matters\n\nUnsafe patterns can lead to:\n\nAPI key exfiltration\nArbitrary command execution (RCE)\nData manipulation and corruption\n\nSee SECURITY.md for:\n\nDetailed vulnerability examples\nAttack scenarios and impact\nSafe coding patterns\nTesting guidelines\n\nSee scripts/yatta-safe-api.sh for:\n\nPre-built safe wrapper functions\nReady-to-use examples\nZero boilerplate\n🎯 Invocation Policy\n\nThis skill requires MANUAL invocation only.\n\nPolicy Details\n\nSetting: disable-model-invocation: true\n\nWhat this means:\n\nAgent will NOT automatically invoke Yatta! operations\nUser must explicitly request each action\nNo background task creation or modification\nAll operations require clear user intent\nWhy Manual-Only?\n\nSecurity rationale:\n\nFull account access: Yatta! API keys grant complete account access\nNo read-only scopes: No way to limit API key permissions\nDestructive operations: Can delete/archive/modify data permanently\nUser oversight required: Changes should be reviewed before execution\nExamples\n\n❌ Autonomous (NOT allowed):\n\nUser: \"I should probably archive old tasks\"\nAgent: *silently archives tasks without confirmation*\n\n\n✅ Manual (Required):\n\nUser: \"Please archive tasks older than 30 days\"\nAgent: *executes explicit request, shows results*\n\nPolicy Enforcement\n\nHow it works:\n\nSkill metadata declares disable-model-invocation: true\nOpenClaw respects this setting\nAgent requires explicit user commands\nNo autonomous background operations\n\nVerification:\n\n# Check package.json\njq '.openclaw[\"disable-model-invocation\"]' package.json\n# Should output: true\n\n# Check SKILL.md frontmatter\ngrep \"disable-model-invocation\" SKILL.md\n# Should show: \"disable-model-invocation\":true\n\nIf You See Unexpected Operations\n\nIf Yatta! operations happen without your explicit request:\n\nStop immediately - This indicates a policy violation\nRevoke API key - Create new key in Yatta! Settings → API Keys\nFile issue - https://github.com/chrisagiddings/openclaw-yatta-skill/issues\nReport to OpenClaw - Policy enforcement bug\n\nThis should never happen - manual invocation is a security requirement.\n\nTasks API\nList Tasks\n\nAll tasks:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n\nFilter by status:\n\n# TODO tasks only\ncurl -s \"$YATTA_API_URL/tasks?status=todo\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# Doing (active) tasks\ncurl -s \"$YATTA_API_URL/tasks?status=doing\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# Completed tasks\ncurl -s \"$YATTA_API_URL/tasks?status=done\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n\nFilter by priority:\n\n# High priority tasks\ncurl -s \"$YATTA_API_URL/tasks?priority=high\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, due_date, priority}'\n\n\nFilter by project:\n\n# Get project ID first\nPROJECT_ID=$(curl -s \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | select(.name==\"Website Redesign\") | .id')\n\n# Get tasks for that project (URL-encode query parameter)\nPROJECT_ID_ENCODED=$(printf %s \"$PROJECT_ID\" | jq -sRr @uri)\ncurl -s \"$YATTA_API_URL/tasks?project_id=$PROJECT_ID_ENCODED\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n\nFilter by matrix state:\n\n# Delegated tasks\ncurl -s \"$YATTA_API_URL/tasks?matrix_state=delegated\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, delegated_to, follow_up_date}'\n\n# Waiting tasks\ncurl -s \"$YATTA_API_URL/tasks?matrix_state=waiting\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n\nDate range queries:\n\n# Tasks due this week\nWEEK_END=$(date -v+7d \"+%Y-%m-%d\")\ncurl -s \"$YATTA_API_URL/tasks?due_date_lte=$WEEK_END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, due_date}'\n\n# Overdue tasks\nTODAY=$(date \"+%Y-%m-%d\")\ncurl -s \"$YATTA_API_URL/tasks?due_date_lte=$TODAY&status=todo\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, due_date}'\n\n\nPagination:\n\n# First 50 tasks\ncurl -s \"$YATTA_API_URL/tasks?limit=50&offset=0\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# Next 50 tasks\ncurl -s \"$YATTA_API_URL/tasks?limit=50&offset=50\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n\nArchived tasks:\n\ncurl -s \"$YATTA_API_URL/tasks?archived=true\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nCreate Task\n\nSimple task:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Finish report\",\n \"priority\": \"high\"\n }' \\\n | jq '.'\n\n\nTask with full details:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Review Q1 numbers\",\n \"description\": \"Go through revenue, costs, and projections\",\n \"priority\": \"high\",\n \"due_date\": \"2026-02-15\",\n \"effort_points\": 5,\n \"project_id\": \"uuid-of-project\",\n \"matrix_state\": \"active\"\n }' \\\n | jq '.'\n\n\nDelegated task with follow-up:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Website redesign\",\n \"delegated_to\": \"Dev Team\",\n \"matrix_state\": \"delegated\",\n \"follow_up_schedule\": {\n \"type\": \"weekly\",\n \"day_of_week\": \"monday\",\n \"next_follow_up\": \"2026-02-17\"\n }\n }' \\\n | jq '.'\n\n\nRecurring task:\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"Team standup\",\n \"recurrence_rule\": {\n \"frequency\": \"daily\",\n \"interval\": 1,\n \"days_of_week\": [\"monday\", \"tuesday\", \"wednesday\", \"thursday\", \"friday\"]\n },\n \"effort_points\": 1\n }' \\\n | jq '.'\n\nUpdate Task\n\nUpdate single task:\n\n# ✅ SAFE: Use jq to build JSON payload\nTASK_ID=\"uuid-of-task\"\nPAYLOAD=$(jq -n \\\n --arg id \"$TASK_ID\" \\\n --arg status \"done\" \\\n --arg completed_at \"$(date -u +\"%Y-%m-%dT%H:%M:%SZ\")\" \\\n '{id: $id, status: $status, completed_at: $completed_at}')\n\ncurl -s -X PUT \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\n\nBatch update tasks:\n\ncurl -s -X PUT \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"ids\": [\"uuid-1\", \"uuid-2\", \"uuid-3\"],\n \"priority\": \"high\",\n \"project_id\": \"project-uuid\"\n }' \\\n | jq '.'\n\nArchive Task\n# ✅ SAFE: Use jq to build JSON payload\nTASK_ID=\"uuid-of-task\"\nPAYLOAD=$(jq -n --arg id \"$TASK_ID\" '{id: $id}')\n\ncurl -s -X DELETE \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nProjects API\nList Projects\n# All projects\ncurl -s \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# With task counts\ncurl -s \"$YATTA_API_URL/projects?with_counts=true\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {name, task_count, open_count}'\n\nCreate Project\ncurl -s \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\": \"Website Redesign\",\n \"description\": \"Complete overhaul of company site\",\n \"color\": \"#3b82f6\",\n \"icon\": \"🌐\"\n }' \\\n | jq '.'\n\nUpdate Project\n# ✅ SAFE: Use jq to build JSON payload\nPROJECT_ID=\"uuid-of-project\"\nPAYLOAD=$(jq -n \\\n --arg id \"$PROJECT_ID\" \\\n --arg name \"Website Redesign v2\" \\\n --argjson archived false \\\n '{id: $id, name: $name, archived: $archived}')\n\ncurl -s -X PUT \"$YATTA_API_URL/projects\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nGet Project Tasks\n# ✅ SAFE: URL-encode path parameter\nPROJECT_ID=\"uuid-of-project\"\nPROJECT_ID_ENCODED=$(printf %s \"$PROJECT_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/projects/$PROJECT_ID_ENCODED/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nContexts API\nList Contexts\n# All contexts\ncurl -s \"$YATTA_API_URL/contexts\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\n# With task counts\ncurl -s \"$YATTA_API_URL/contexts?with_counts=true\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {name, task_count}'\n\nCreate Context\ncurl -s \"$YATTA_API_URL/contexts\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\": \"@deep-focus\",\n \"color\": \"#8b5cf6\",\n \"icon\": \"🧠\"\n }' \\\n | jq '.'\n\nAssign Context to Task\n# ✅ SAFE: Use jq to build JSON payload with arrays\nTASK_ID=\"uuid-of-task\"\nCONTEXT_ID=\"uuid-of-context\"\n\nPAYLOAD=$(jq -n \\\n --arg task_id \"$TASK_ID\" \\\n --arg context_id \"$CONTEXT_ID\" \\\n '{task_id: $task_id, context_ids: [$context_id]}')\n\ncurl -s -X POST \"$YATTA_API_URL/contexts/assign\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nGet Task Contexts\n# ✅ SAFE: URL-encode path parameter\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/contexts\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nGet Context Tasks\n# ✅ SAFE: URL-encode path parameter\nCONTEXT_ID=\"uuid-of-context\"\nCONTEXT_ID_ENCODED=$(printf %s \"$CONTEXT_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/contexts/$CONTEXT_ID_ENCODED/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nComments API\nList Task Comments\n# ✅ SAFE: URL-encode path parameter\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\ncurl -s \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nAdd Comment\n# ✅ SAFE: URL-encode path + jq for JSON\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\nPAYLOAD=$(jq -n \\\n --arg content \"Waiting on client feedback before proceeding\" \\\n '{content: $content}')\n\ncurl -s -X POST \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nUpdate Comment\n# ✅ SAFE: Use jq to build JSON payload\nCOMMENT_ID=\"uuid-of-comment\"\nPAYLOAD=$(jq -n \\\n --arg id \"$COMMENT_ID\" \\\n --arg content \"Client responded, moving forward\" \\\n '{id: $id, content: $content}')\n\ncurl -s -X PUT \"$YATTA_API_URL/task-comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nDelete Comment\n# ✅ SAFE: Use jq to build JSON payload\nCOMMENT_ID=\"uuid-of-comment\"\nPAYLOAD=$(jq -n --arg id \"$COMMENT_ID\" '{id: $id}')\n\ncurl -s -X DELETE \"$YATTA_API_URL/task-comments\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nFollow-Ups API\nGet Today's Follow-Ups\ncurl -s \"$YATTA_API_URL/follow-ups\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {title, delegated_to, follow_up_date}'\n\nGet Follow-Ups for Date\nDATE=\"2026-02-15\"\ncurl -s \"$YATTA_API_URL/follow-ups?date=$DATE\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nMark Follow-Up Complete\n# ✅ SAFE: URL-encode path parameter\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\ncurl -s -X POST \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/follow-up\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{}' \\\n | jq '.'\n\nUpdate Follow-Up Schedule\n# ✅ SAFE: URL-encode path + jq for JSON\nTASK_ID=\"uuid-of-task\"\nTASK_ID_ENCODED=$(printf %s \"$TASK_ID\" | jq -sRr @uri)\n\nPAYLOAD=$(jq -n \\\n --arg type \"every_n_days\" \\\n --argjson interval 3 \\\n --arg next_follow_up \"2026-02-12\" \\\n '{type: $type, interval: $interval, next_follow_up: $next_follow_up}')\n\ncurl -s -X PUT \"$YATTA_API_URL/tasks/$TASK_ID_ENCODED/follow-up-schedule\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$PAYLOAD\" \\\n | jq '.'\n\nCalendar API\nList Calendar Subscriptions\ncurl -s \"$YATTA_API_URL/calendar/subscriptions\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nAdd Calendar Subscription\ncurl -s -X POST \"$YATTA_API_URL/calendar/subscriptions\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\": \"Work Calendar\",\n \"ical_url\": \"https://calendar.google.com/calendar/ical/...\",\n \"default_context_id\": \"context-uuid\"\n }' \\\n | jq '.'\n\nTrigger Calendar Sync\n# ✅ SAFE: URL-encode path parameter\nSUBSCRIPTION_ID=\"uuid-of-subscription\"\nSUBSCRIPTION_ID_ENCODED=$(printf %s \"$SUBSCRIPTION_ID\" | jq -sRr @uri)\n\ncurl -s -X POST \"$YATTA_API_URL/calendar/subscriptions/$SUBSCRIPTION_ID_ENCODED/sync\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nList Calendar Events\n# Events for date range\nSTART=\"2026-02-10\"\nEND=\"2026-02-17\"\ncurl -s \"$YATTA_API_URL/calendar/events?start=$START&end=$END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nCapacity API\nGet Today's Capacity\ncurl -s \"$YATTA_API_URL/capacity/today\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '{date, utilization_percent, status, used_minutes, total_minutes}'\n\nGet Capacity for Date Range\nSTART=\"2026-02-10\"\nEND=\"2026-02-17\"\ncurl -s \"$YATTA_API_URL/capacity?start=$START&end=$END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.[] | {date, status, utilization_percent}'\n\nTrigger Capacity Computation\ncurl -s -X POST \"$YATTA_API_URL/capacity/compute\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nAnalytics API\nGet Summary Insights\ncurl -s \"$YATTA_API_URL/analytics/summary\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nGet Velocity Metrics\ncurl -s \"$YATTA_API_URL/analytics/velocity\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nGet Task Distribution\ncurl -s \"$YATTA_API_URL/analytics/distribution\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '{by_status, by_priority, by_matrix_state}'\n\nGet Streaks\ncurl -s \"$YATTA_API_URL/analytics/streaks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nGet AI Insights\ncurl -s \"$YATTA_API_URL/analytics/insights\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '.'\n\nMatrix Endpoint\nGet Eisenhower Matrix View\ncurl -s \"$YATTA_API_URL/tasks/matrix\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq '{do_first, schedule, delegate, eliminate}'\n\nCommon Patterns\nDaily Workflow Automation\n\nMorning briefing:\n\n#!/bin/bash\necho \"=== Today's Tasks ===\"\ncurl -s \"$YATTA_API_URL/tasks?status=todo&due_date_lte=$(date +%Y-%m-%d)\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"- [\\(.priority)] \\(.title)\"'\n\necho \"\"\necho \"=== Follow-Ups Due ===\"\ncurl -s \"$YATTA_API_URL/follow-ups\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"- \\(.title) (delegated to: \\(.delegated_to))\"'\n\necho \"\"\necho \"=== Capacity Status ===\"\ncurl -s \"$YATTA_API_URL/capacity/today\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '\"Utilization: \\(.utilization_percent)% - \\(.status)\"'\n\nCreate Task from Email\n#!/bin/bash\n# Extract email subject and body\nSUBJECT=\"$1\"\nBODY=\"$2\"\n\ncurl -s \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"title\": \"'\"$SUBJECT\"'\",\n \"description\": \"'\"$BODY\"'\",\n \"priority\": \"medium\",\n \"import_source\": \"email\"\n }' \\\n | jq -r '\"Task created: \\(.title)\"'\n\nWeekly Planning Report\n#!/bin/bash\nWEEK_START=$(date -v+mon \"+%Y-%m-%d\")\nWEEK_END=$(date -v+sun \"+%Y-%m-%d\")\n\necho \"=== Week of $WEEK_START ===\"\ncurl -s \"$YATTA_API_URL/capacity?start=$WEEK_START&end=$WEEK_END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"\\(.date): \\(.status) (\\(.utilization_percent)%)\"'\n\necho \"\"\necho \"=== Tasks Due This Week ===\"\ncurl -s \"$YATTA_API_URL/tasks?due_date_gte=$WEEK_START&due_date_lte=$WEEK_END\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\" \\\n | jq -r '.[] | \"[\\(.due_date)] \\(.title)\"'\n\nError Handling\n\nCheck response status:\n\nRESPONSE=$(curl -s -w \"\\n%{http_code}\" \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\")\n\nSTATUS=$(echo \"$RESPONSE\" | tail -n1)\nBODY=$(echo \"$RESPONSE\" | sed '$d')\n\nif [ \"$STATUS\" -eq 200 ]; then\n echo \"$BODY\" | jq '.'\nelse\n echo \"Error: HTTP $STATUS\"\n echo \"$BODY\" | jq '.error'\nfi\n\n\nRate limit handling:\n\nRESPONSE=$(curl -s -i \"$YATTA_API_URL/tasks\" \\\n -H \"Authorization: Bearer $YATTA_API_KEY\")\n\n# Check X-RateLimit headers\nREMAINING=$(echo \"$RESPONSE\" | grep -i \"X-RateLimit-Remaining\" | cut -d' ' -f2)\nRESET=$(echo \"$RESPONSE\" | grep -i \"X-RateLimit-Reset\" | cut -d' ' -f2)\n\nif [ \"$REMAINING\" -lt 10 ]; then\n echo \"Warning: Only $REMAINING requests remaining\"\n echo \"Rate limit resets at: $(date -r $RESET)\"\nfi\n\nTips\nStore API key securely: Use 1Password CLI, env vars, or secrets manager\nUse jq for filtering: Pipe responses through jq for clean output\nBatch operations: Update multiple tasks at once when possible\nRate limits: 100 requests/minute per API key\nDate formats: Always use ISO 8601 (YYYY-MM-DD for dates, YYYY-MM-DDTHH:MM:SSZ for timestamps)\nError responses: Include error field with description\nResources\nAPI Documentation: Yatta! API Docs (coming soon)\nGitHub Repo: https://github.com/chrisagiddings/openclaw-yatta-skill\nReport Issues: https://github.com/chrisagiddings/openclaw-yatta-skill/issues\nAPI URL Note\n\nCurrently using the direct Supabase Edge Functions URL for reliability:\n\nhttps://zunahvofybvxpptjkwxk.supabase.co/functions/v1\n\n\nBranded URLs (yattadone.com/api) will be available in a future release once proxy configuration is resolved with the hosting provider." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/chrisagiddings/openclaw-yatta-skill", "publisherUrl": "https://clawhub.ai/chrisagiddings/openclaw-yatta-skill", "owner": "chrisagiddings", "version": "0.2.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/openclaw-yatta-skill", "downloadUrl": "https://openagent3.xyz/downloads/openclaw-yatta-skill", "agentUrl": "https://openagent3.xyz/skills/openclaw-yatta-skill/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-yatta-skill/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-yatta-skill/agent.md" } }