Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Local Task Runner

v1.0.0

Executes Node.js code snippets or scripts locally with isolation, cleanup, and timeout, serving as a lightweight alternative to spawning subagents.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, description, SKILL.md, and index.js are coherent: this is a local runner that writes a JS file and executes it with Node. However, the metadata lists no required binaries even though index.js invokes the 'node' binary via child_process.exec, so the declared requirements are incomplete. package.json lists a dependency on 'uuid' that the code does not use (index.js uses crypto), which is an unnecessary/untidy manifest mismatch.
! Instruction Scope
SKILL.md and index.js instruct the agent to accept arbitrary JavaScript code, write it to disk, and execute it. That behavior is consistent with the stated purpose but inherently powerful: any executed snippet can read files, access environment variables, make network requests, or spawn processes. The skill itself does not sandbox beyond a timeout and maxBuffer, so the runtime instructions grant broad capability to code provided to the skill.
Install Mechanism
There is no install spec (instruction-only), which limits risk from installers. The package.json is present but there is no install step — the declared dependency ('uuid') is not used by index.js; this is likely an oversight rather than malicious but should be cleaned up to avoid confusion.
Credentials
The skill requests no environment variables or credentials and the provided code does not read env vars. However, because the skill executes arbitrary Node code, any code run could itself read environment variables, credentials available to the agent, or other local data — so the absence of declared env requirements does not prevent runtime snippets from accessing secrets present in the environment.
! Persistence & Privilege
The skill does not request always:true and does not modify other skills, and it limits files to its own .tasks directory, which is reasonable. However, model invocation is enabled (agent can call the skill autonomously) and combined with the ability to run arbitrary host code this increases blast radius: an agent that autonomously invokes this skill could run unexpected tasks on the host. Consider restricting autonomous invocation or running the skill within a stricter sandbox/privilege boundary.
What to consider before installing
This skill executes arbitrary Node.js code on your machine — that's exactly its purpose, but it means any code run can read files, network, and environment data. Before installing: ensure you have the Node runtime on the host, only allow trusted callers to invoke the skill (or disable autonomous invocation), and consider running it inside a dedicated low-privilege container or VM. Also ask the author to (1) declare 'node' as a required binary, (2) remove unused dependencies from package.json (uuid), and (3) document recommended sandboxing/permission guidance. If you cannot restrict who or what can call this skill, avoid installing it.
