Task
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: task
Version: 0.1.0
The skill is classified as suspicious due to the instruction in SKILL.md to "For `/task ...`, pass the args through unchanged" combined with `command-arg-mode: raw`. This creates a direct passthrough of user-provided arguments to the `tasker_cmd` tool. While `command-dispatch: tool` implies a controlled environment, this mechanism presents a significant risk if the `tasker_cmd` tool or the underlying execution environment is vulnerable to argument injection or allows arbitrary command execution, potentially leading to malicious execution initiated by a user. The skill itself does not explicitly instruct the agent to perform malicious actions, but it exposes a high-risk capability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may add, complete, or otherwise modify task records when the user asks it to, and explicit /task commands are passed through to the tasker tool.
The skill deliberately exposes a raw argument interface to the tasker tool. This is central to its task-management purpose, but users should understand that explicit commands can invoke the underlying tool directly.
command-tool: tasker_cmd
command-arg-mode: raw
...
For `/task ...`, pass the args through unchanged.
Use this only with a trusted tasker_cmd tool and review explicit /task commands before asking for destructive or bulk changes.
The safety of task execution depends partly on the separately installed tasker_cmd plugin and tasker CLI.
The included skill is instruction-only and depends on an external plugin tool and CLI that are not included in the reviewed artifacts. This is disclosed and purpose-aligned, but provenance of those external components matters.
It expects:
- plugin tool `tasker_cmd` allowlisted (recommended)
- `tasker` CLI available via plugin `binary` config, `TASKER_BIN`, or PATH
Verify the source and configuration of tasker_cmd and the tasker binary before allowlisting the tool.
Private task details or notes may be saved and later shown in task views or chat-friendly output.
The skill stores and retrieves task text, captured items, and notes in a persistent docstore. That is expected for task management, but the stored content may contain private work or personal information.
Tasker docstore task management... `capture "<text>" --format telegram` ... `note add <selector...> -- <text...>`
Avoid storing secrets in tasks or notes, and review outputs before sharing them into chat channels.
