Asana
低风险
作者:byungkyu | 审计时间:2026-02-26T09:59:20.936Z | 规则集:0.2.0
技能介绍
使用托管OAuth身份验证访问Asana API。管理用于工作管理的任务、项目、工作区、用户和Webhook。
✨
project -用于筛选任务的项目GID ✨
受理人 -已分配任务的用户GID或“我” ✨
工作区 -工作区GID (如果未指定项目,则为必填项) ✨
completed_since - ISO 8601日期,用于筛选在此日期之后完成的任务 ✨
opt_fields -要包含的字段列表,以逗号分隔 ✨
text -要搜索的文本 使用场景
文档(原文)
来源:SKILL.md 以下为作者原文(通常为英文)。安装请以页面顶部“快速安装”为准。
name: asana
description: |
Asana API integration with managed OAuth. Access tasks, projects, workspaces, users, and manage webhooks. Use this skill when users want to manage work items, track projects, or integrate with Asana workflows. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
compatibility: Requires network access and valid Maton API key
metadata:
author: maton
version: "1.0"
clawdbot:
emoji: 🧠
requires:
env:
- MATON_API_KEY
Asana
Access the Asana API with managed OAuth authentication. Manage tasks, projects, workspaces, users, and webhooks for work management.
Quick Start
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=PROJECT_GID')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Base URL
https://gateway.maton.ai/asana/{native-api-path}
Replace {native-api-path} with the actual Asana API endpoint path. The gateway proxies requests to app.asana.com and automatically injects your OAuth token.
Authentication
All requests require the Maton API key in the Authorization header:
Authorization: Bearer $MATON_API_KEY
Environment Variable: Set your API key as MATON_API_KEY:
export MATON_API_KEY="YOUR_API_KEY"
Getting Your API Key
- Sign in or create an account at maton.ai
- Go to maton.ai/settings
- Copy your API key
Connection Management
Manage your Asana OAuth connections at https://ctrl.maton.ai.
List Connections
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=asana&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create Connection
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'asana'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Get Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"connection": {
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
"status": "ACTIVE",
"creation_time": "2025-12-08T07:20:53.488460Z",
"last_updated_time": "2026-01-31T20:03:32.593153Z",
"url": "https://connect.maton.ai/?session_token=...",
"app": "asana",
"metadata": {}
}
}
Open the returned url in a browser to complete OAuth authorization.
Delete Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Specifying Connection
If you have multiple Asana connections, specify which one to use with the Maton-Connection header:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=PROJECT_GID')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
If omitted, the gateway uses the default (oldest) active connection.
API Reference
Tasks
Get Multiple Tasks
GET /asana/api/1.0/tasks
Query parameters:
project- Project GID to filter tasksassignee- User GID or "me" for assigned tasksworkspace- Workspace GID (required if no project specified)completed_since- ISO 8601 date to filter tasks completed after this dateopt_fields- Comma-separated list of fields to include
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=1234567890&opt_fields=name,completed,due_on')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Review quarterly report",
"completed": false,
"due_on": "2025-03-15"
}
]
}
Get a Task
GET /asana/api/1.0/tasks/{task_gid}
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks/1234567890')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create a Task
POST /asana/api/1.0/tasks
Content-Type: application/json
{
"data": {
"name": "New task",
"projects": ["PROJECT_GID"],
"assignee": "USER_GID",
"due_on": "2025-03-20",
"notes": "Task description here"
}
}
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'name': 'Complete API integration', 'projects': ['1234567890'], 'due_on': '2025-03-20'}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Update a Task
PUT /asana/api/1.0/tasks/{task_gid}
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'completed': True}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks/1234567890', data=data, method='PUT')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Delete a Task
DELETE /asana/api/1.0/tasks/{task_gid}
Get Tasks from a Project
GET /asana/api/1.0/projects/{project_gid}/tasks
Get Subtasks
GET /asana/api/1.0/tasks/{task_gid}/subtasks
Create Subtask
POST /asana/api/1.0/tasks/{task_gid}/subtasks
Content-Type: application/json
{
"data": {
"name": "Subtask name",
"assignee": "USER_GID",
"due_on": "2025-03-20"
}
}
Search Tasks (Premium)
Note: This endpoint requires an Asana Premium subscription.
GET /asana/api/1.0/workspaces/{workspace_gid}/tasks/search
Query parameters:
text- Text to search forassignee.any- Filter by assigneesprojects.any- Filter by projectscompleted- Filter by completion status
Projects
Get Multiple Projects
GET /asana/api/1.0/projects
Query parameters:
workspace- Workspace GIDteam- Team GIDopt_fields- Comma-separated list of fields
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/projects?workspace=1234567890&opt_fields=name,owner,due_date')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Q1 Marketing Campaign",
"owner": {
"gid": "0987654321",
"name": "Alice Johnson"
},
"due_date": "2025-03-31"
}
]
}
Get a Project
GET /asana/api/1.0/projects/{project_gid}
Create a Project
POST /asana/api/1.0/projects
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'name': 'New Project', 'workspace': '1234567890', 'notes': 'Project description'}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/projects', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Update a Project
PUT /asana/api/1.0/projects/{project_gid}
Delete a Project
DELETE /asana/api/1.0/projects/{project_gid}
Workspaces
Get Multiple Workspaces
GET /asana/api/1.0/workspaces
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/workspaces')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Acme Corp",
"is_organization": true
}
]
}
Get a Workspace
GET /asana/api/1.0/workspaces/{workspace_gid}
Update a Workspace
PUT /asana/api/1.0/workspaces/{workspace_gid}
Add User to Workspace
POST /asana/api/1.0/workspaces/{workspace_gid}/addUser
Remove User from Workspace
POST /asana/api/1.0/workspaces/{workspace_gid}/removeUser
Users
Get Multiple Users
GET /asana/api/1.0/users
Query parameters:
workspace- Workspace GID to filter users
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/users?workspace=1234567890&opt_fields=name,email')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Alice Johnson",
"email": "alice.johnson@acme.com"
}
]
}
Get Current User
GET /asana/api/1.0/users/me
Get a User
GET /asana/api/1.0/users/{user_gid}
Get Users in a Team
GET /asana/api/1.0/teams/{team_gid}/users
Get Users in a Workspace
GET /asana/api/1.0/workspaces/{workspace_gid}/users
Webhooks
Get Multiple Webhooks
GET /asana/api/1.0/webhooks
Query parameters:
workspace- Workspace GID (required)resource- Resource GID to filter by
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/webhooks?workspace=1234567890')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create Webhook
Note: Asana verifies the target URL is reachable and responds with a 200 status during webhook creation.
POST /asana/api/1.0/webhooks
Content-Type: application/json
{
"data": {
"resource": "PROJECT_OR_TASK_GID",
"target": "https://example.com/webhook",
"filters": [
{
"resource_type": "task",
"action": "changed",
"fields": ["completed", "due_on"]
}
]
}
}
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'resource': '1234567890', 'target': 'https://example.com/webhook'}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/webhooks', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": {
"gid": "1234567890",
"resource": {
"gid": "1234567890",
"name": "Q1 Project"
},
"target": "https://example.com/webhook",
"active": true
}
}
Get a Webhook
GET /asana/api/1.0/webhooks/{webhook_gid}
Update a Webhook
PUT /asana/api/1.0/webhooks/{webhook_gid}
Delete a Webhook
DELETE /asana/api/1.0/webhooks/{webhook_gid}
Returns 200 OK with empty data on success.
Pagination
Asana uses cursor-based pagination. Use offset for pagination:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=1234567890&limit=50&offset=OFFSET_TOKEN')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response includes next_page when more results exist:
{
"data": [...],
"next_page": {
"offset": "eyJ0eXBlIjoib2Zmc2V0IiwidmFsdWUiOjUwfQ",
"path": "/tasks?project=1234567890&limit=50&offset=eyJ0eXBlIjoib2Zmc2V0IiwidmFsdWUiOjUwfQ",
"uri": "https://app.asana.com/api/1.0/tasks?project=1234567890&limit=50&offset=eyJ0eXBlIjoib2Zmc2V0IiwidmFsdWUiOjUwfQ"
}
}
Code Examples
JavaScript
const response = await fetch(
'https://gateway.maton.ai/asana/api/1.0/tasks?project=1234567890',
{
headers: {
'Authorization': `Bearer ${process.env.MATON_API_KEY}`
}
}
);
const data = await response.json();
Python
import os
import requests
response = requests.get(
'https://gateway.maton.ai/asana/api/1.0/tasks',
headers={'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'},
params={'project': '1234567890'}
)
data = response.json()
Notes
- Resource IDs (GIDs) are strings
- Timestamps are in ISO 8601 format
- Use
opt_fieldsto specify which fields to return - Workspaces are the highest-level organizational unit
- Organizations are specialized workspaces representing companies
- IMPORTANT: When using curl commands, use
curl -gwhen URLs contain brackets (fields[],sort[],records[]) to disable glob parsing - IMPORTANT: When piping curl output to
jqor other commands, environment variables like$MATON_API_KEYmay not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.
Error Handling
| Status | Meaning |
|---|---|
| 400 | Bad request or missing Asana connection |
| 401 | Invalid or missing Maton API key |
| 403 | Forbidden - insufficient permissions |
| 404 | Resource not found |
| 429 | Rate limited |
| 4xx/5xx | Passthrough error from Asana API |
Troubleshooting: API Key Issues
- Check that the
MATON_API_KEYenvironment variable is set:
echo $MATON_API_KEY
- Verify the API key is valid by listing connections:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Troubleshooting: Invalid App Name
- Ensure your URL path starts with
asana. For example:
- Correct:
https://gateway.maton.ai/asana/api/1.0/tasks - Incorrect:
https://gateway.maton.ai/api/1.0/tasks
Resources
安全审计
低风险
摘要
Asana API与托管OAuth的整合。访问任务、项目、工作区、用户和管理Webhook。当用户想要管理工作项、跟踪项目或与Asana工作流程整合时,请使用此技能。对于其他第三方应用,请使用api-gateway技能(https://clawhub.ai/byungkyu/api-gateway)。
风险画像
ToxicSkills 分析
黑名单
未命中
提示词注入
未检测到
当前静态检测未发现 Toxic 信号。
关键风险 0 项
暂无 LLM 风险要点(LLM 未启用或无缓存)。
确定性发现(证据)
未检测到发现。
评分标准
每个技能从 5 个维度评分,加权总分决定星级。
代码毒性 100/100 (权重 30%)
隐私风险 100/100 (权重 25%)
权限范围 100/100 (权重 20%)
作者声誉 75/100 (权重 15%)
代码质量 70/100 (权重 10%)
星级说明
5★ 安全 — 总分 ≥ 80
4★ 良好 — 总分 70–79
3★ 注意 — 总分 60–69
2★ 有风险 — 总分 40–59
1★ 危险 — 总分 < 40
为何是这个评分?
所有维度均高于 60 分,该技能通过安全基线。