long-task-handler-v2
Advisory. Audited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A long-running command the user requested may keep running in the background while the user continues other work.
The skill is designed to handle long-running command/tool work and may background it automatically based on duration. This fits the purpose, but some listed tasks can mutate repositories, deployments, or local environments.
Contains known slow commands: ffmpeg, docker, webpack, tsc, npm build, git push ... compile/deploy/training/migration scenarios ... shouldBackground: indicators.duration > 1 || indicators.background
Keep explicit confirmation for high-impact operations such as deploys, migrations, terraform/kubectl actions, or git pushes, and make sure there is a clear way to stop the job.
Very long jobs may continue through a background or sub-agent workflow rather than a single immediate response.
The skill can use sub-agents/background sessions for very long tasks. This is disclosed, purpose-aligned, and partially bounded by concurrency and timeout settings.
| Very long task | >10min | Sub-agent isolation | Report every 2 minutes + completion notice | ... maxConcurrentLongTasks: 3
Use it for tasks where background execution is acceptable, and require visible status, completion notice, timeout, and cancellation controls.
Build, deployment, or data-processing logs could be retained by the task/session archive if they contain sensitive details.
The configuration suggests task output or session state may be archived after long-running work. The artifact does not show exfiltration, but archived logs can contain sensitive command output.
autoArchive: true archiveAfterMinutes: 60
Avoid printing secrets in long-task logs and verify where archived task output is stored and how it can be deleted.
