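Task Watchdog and Popup Killer (Task Watchdog)
v0.1.0 · Guardian for unattended tasks. Periodically checks the on-screen progress bar, automatically closes intrusive system or advertising popups, and sends an alert when a fatal error occurs.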
⭐ 2· 1.1k·12 current·13 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (monitor a progress bar, close popups, send alerts) is consistent with the SKILL.md steps (visual detection, clicking controls, screenshots, optional webhook). However the skill relies on screen-reading and input-simulation capabilities (taking screenshots, recognizing UI elements, simulating mouse clicks) that are not declared in the registry metadata or as required capabilities. That omission is notable because those capabilities are privileged compared with a simple instruction-only skill.
Instruction Scope
SKILL.md directs the agent to capture full-screen screenshots on fatal errors and to send notifications via a user-configured webhook. Capturing and transmitting screenshots can leak sensitive on-screen content (passwords, private documents, chat windows). The instructions give the agent discretion about what endpoints to call and when to send screenshots; they do not constrain destinations or require explicit user confirmation before transmitting potentially sensitive images.
Install Mechanism
There is no install spec and no code files; this is instruction-only, so nothing will be downloaded or written to disk by an installer. That lowers installation risk.
Credentials
The skill requires no environment variables or credentials. That is proportionate in that no cloud/API keys are demanded. However the runtime behavior can still exfiltrate data via network calls (webhooks) even though no credential is declared. The SKILL.md treats webhooks as 'user-configured' but doesn't require or validate a safe endpoint, nor does it declare how authentication (if any) would be supplied.
Persistence & Privilege
The skill does not request permanent presence (always:false), which is good. But it expects autonomous agent actions that manipulate the user interface (mouse clicks) and perform network requests. Autonomous invocation combined with UI control and unrestricted network access increases the blast radius: an agent that mis-recognizes UI elements could click destructive buttons, and screenshots could be sent without tight controls.
What to consider before installing
This skill is coherent with its stated task but asks the agent to do sensitive things: take screenshots, simulate clicks, and optionally send alerts over the network. Before installing, consider:
1) Only enable this skill in a trusted environment and on machines where screen contents are not sensitive.
2) Prefer an explicit, vetted webhook URL (or require manual confirmation) and avoid sending screenshots to unknown endpoints.
3) Test in a controlled session so you can observe what the agent clicks — visual recognition is error-prone and could trigger 'restart' or 'install' actions despite the skill's prohibition on killing processes.
4) If you cannot accept any risk of data leakage from screenshots or automated clicks, do not enable this skill.
Additional information that would raise confidence: explicit declarations of required GUI/input permissions, restrictions on allowed network endpoints, an explicit confirmation step before transmitting screenshots, and limits on click targets (e.g., click only within the locked task window).
Like a lobster shell, security has layers — review code before you run it.
latestvk97287zq1vb1e9ajrhx54xshzn81tdph
