ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Async Programming

v1.0.0

异步编程任务处理。当用户请求编程任务时,立即调用子 agent + 立即回复确认,无需等待完成即可继续聊天。

0· 554·2 current·2 all-time
by@broommonk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, skill.yaml requirements (sessions_spawn, subagents) and SKILL.md all describe the same capability: spawn subagents to run programming tasks and immediately reply. No unrelated environment variables, binaries, or external endpoints are requested.
Instruction Scope
SKILL.md explicitly instructs using platform APIs (sessions_spawn, subagents(action="list")) and to supply task, label, model, timeout. This matches the purpose. Note: the skill relies on subagents executing code against project paths (examples reference /root/...), but it does not define access controls or limits on what spawned subagents may read/write. Also the SKILL.md prescribes a specific coder model (bailian/qwen3-coder-plus). These are expected for the goal but you should confirm platform-level safeguards for subagent filesystem and network access.
Install Mechanism
Instruction-only skill with no install spec and no code files to write/execute. Low installation risk.
Credentials
No environment variables, credentials, or config paths are required beyond referencing openclaw.json defaults. The declared requirements (sessions_spawn, subagents) are proportional to the stated functionality.
Persistence & Privilege
always:false and default autonomous invocation are used (normal). The skill spawns subagents but does not request persistent system-wide privileges or modify other skills. Consider that autonomous subagent spawning is the intended behavior and grants runtime capability to run code.
Assessment
This skill is coherent for its stated purpose: it will autonomously spawn child agents to do programming work and immediately confirm to the user. Before installing, verify the platform-level permissions and safeguards for sessions_spawn/subagents: confirm what filesystem and network access spawned subagents have, check max concurrent and timeout settings (manifest shows maxConcurrent=8, SKILL.md uses runTimeoutSeconds=900 while defaults show 600), and ensure you are comfortable with agents making code changes to repositories (examples reference /root paths). Also confirm the model used (bailian/qwen3-coder-plus) is acceptable for your environment. If you need stricter limits, ask for explicit sandboxing, reduced concurrency, or review hooks that require manual approval before code-modifying subagents run.

Like a lobster shell, security has layers — review code before you run it.

asyncvk972j8jdmk45qexhhxtrrje3j9822mpdlatestvk972j8jdmk45qexhhxtrrje3j9822mpdprogrammingvk972j8jdmk45qexhhxtrrje3j9822mpdsubagentvk972j8jdmk45qexhhxtrrje3j9822mpd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments