ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Task Finish Contract

v1.0.0

Enforce task completion with explicit Goal/Progress/Next state. Prevent mid-task stalls and ensure evidence-based completion.

0· 327·0 current·0 all-time
by@dalomeve
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match the SKILL.md: it enforces Goal/Progress/Next and evidence-based completion. It does not request credentials, binaries, or installs, which is proportionate for a coordination/enforcement policy.
Instruction Scope
All runtime instructions are about producing structured outputs and verifying them in workspace files (memory/{date}.md, artifacts). This stays within the stated purpose. Minor caveats: the verification examples use PowerShell's Select-String (platform-specific) and expect an accessible workspace filesystem; the skill also encourages an autonomous follow-up step (NEXT_AUTONOMOUS_STEP), which is consistent with its goal but means the agent may perform extra actions without further user input.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing is downloaded or written by an installer.
Credentials
The skill does not request environment variables, credentials, or config paths. The included privacy-checklist.md explicitly warns about secrets in files, which is appropriate and consistent with the skill's emphasis on evidence without sensitive data.
Persistence & Privilege
The skill is not set to always:true and does not request elevated or cross-skill configuration. Autonomous invocation is allowed (platform default); this aligns with the skill's purpose of driving task progress but is not an extra privilege granted by the skill itself.
Assessment
This skill is an instruction-only policy to make agents finish tasks and produce evidence; it does not install code or ask for credentials. Before enabling it, ensure the agent's workspace and memory files do not contain secrets (the skill expects to read/write memory/{date}.md and artifact paths). Note the example verification commands use PowerShell (Select-String) — if your agent runs on a non-Windows environment, adapt those checks (e.g., grep). Be aware that the skill encourages autonomous follow-up steps; if you want to limit any automated actions, control the agent's invocation policies or test the skill in a sandboxed workspace first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f564b5a7gz8bjgdzs1z21fx8235wa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments