Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

long-running-harness

v1.0.0

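Long-running agent project workflow framework (based on Anthropic's "Effective Harnesses for Long-Running Agents"). Used to create, manage, and schedule long-term project tasks that span multiple context windows. Use when: starting a new project, initializing a project workflow, managing a project task list, dispatching sub-agents for incremental development, resuming proj...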

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (long-running project harness) matches the actions in SKILL.md: creating project folders, reading/writing features.json and progress.md, selecting tasks, committing git changes, spawning child sessions, and optionally scheduling cron checks. However the instructions assume availability of system tools (git, bash, curl, npm, pip, python, pytest) and the ability to run project-provided init.sh and tests, yet the skill metadata lists no required binaries or environment requirements — an incoherence that should be addressed.
Instruction Scope
Instructions remain within the declared purpose (manage project state, run one feature per session, enforce tests, update files, git commit). But they explicitly direct the agent to run shell commands and any project-provided init.sh, which can execute arbitrary code, perform package installs, start services, and make network requests. That behavior is expected for a harness but expands the runtime authority significantly and should only be applied to trusted project repositories or sandboxed environments.
Install Mechanism
There is no install spec (instruction-only), which is low risk from the skill distribution perspective. However the provided init.sh templates instruct package installation (npm, pip) and starting services — these actions would download and run third-party code at runtime. The lack of an install step in the skill itself is consistent, but users should note that the skill will routinely execute repository scripts that may install software.
Credentials
The skill declares no required environment variables or credentials, which aligns with its general purpose. But practical execution often relies on system credentials (git remotes requiring git credentials, DB access, package registry/network access). The skill does not request or document these, so users must be aware the agent may attempt operations that implicitly depend on external credentials or network access.
Persistence & Privilege
always:false and normal autonomous invocation settings are used. The skill writes/commits to project directories (its intended scope) but does not request persistent system-wide privileges. The scheduling/cron example can make the agent run periodically, so users should control whether and how those schedules are created.
What to consider before installing
This skill appears to do what it says (manage long-running project tasks) but it will run shell commands and project-provided init.sh scripts that can install packages, start services, and execute arbitrary code. Things to consider before installing or using it:
- Only run this on repositories/projects you trust. Review any init.sh, init_db.sh, package.json, requirements.txt, and test scripts before allowing the agent to execute them.
- The skill assumes tools (git, bash, curl, npm, pip, python, pytest) are available but the metadata doesn't declare them — ensure your environment provides these or update the skill metadata to reflect requirements.
- The agent will perform git commits; ensure your git credentials and remote configuration are what you expect, and don't let it commit secrets or credentials into repos.
- If you need strong containment, run the harness in an isolated/sandboxed environment (container/VM) or deny network access so package installs cannot fetch remote code.
- Be cautious with cron job scheduling — the skill includes an example for periodic checks; only enable scheduled runs when you have control over what the agent will execute autonomously.

If you want to reduce risk: require explicit user confirmation before running any init.sh or performing installs, restrict which project paths the skill can act on, and add explicit declarations of required binaries and any expected external credentials.

Like a lobster shell, security has layers — review code before you run it.
