Agent Task Manager
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a local workflow-orchestration template, with the main cautions being arbitrary command execution through one helper script and local persistence of workflow state.
This skill looks safe to review and use as a local orchestration template, but do not pass untrusted text into its shell wrapper, do not rely on the placeholder notification as a real message sender, and remember that task state is stored on disk.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A command passed to this helper can modify local files or affect external accounts, and shell metacharacters may be interpreted.
The rate-limit wrapper re-parses and executes an arbitrary supplied command string. This is consistent with its purpose as a command wrapper, but it is broad and could run unintended shell operations if fed untrusted or poorly constructed input.
COMMAND="$@" ... if eval "$COMMAND"; then
Only use the cooldown wrapper with explicit, trusted commands. Avoid building command strings from untrusted task text, and prefer allowlisted commands or safer argument-array execution.
Task names, parameters, results, and other workflow data may remain on disk after the session ends.
The task manager stores workflow status and result data in a persistent local JSON file. This matches the stated purpose, but retained task data can be reused or exposed if the workspace is shared.
def __init__(self, task_name: str, state_path: Path = Path('task_state.json')) ... json.dump(self.state, f, indent=2)
Do not place secrets or sensitive personal data in task definitions unless you are comfortable storing them locally; delete or protect the state file when needed.
If used as-is for important alerts, a user may believe a message was sent when no real messaging tool was called.
The notification function is labeled as simulated/placeholder code but still returns a success-looking result. Users could mistake the example workflow for a real alerting integration.
# Placeholder for the actual message tool call ... return {"message_sent": True}
Treat the provided workflow as a template. Connect and verify a real notification tool before relying on it for time-sensitive or financial alerts.
The skill may not run in environments without the expected interpreters, and users may not realize scripts are part of the workflow.
The package includes runnable Python and Bash scripts, but the metadata does not declare runtime expectations such as Python or Bash. The source is provided and reviewable, so this is a clarity issue rather than hidden code.
Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill.
Review the included scripts before running them and ensure the environment has the needed standard interpreters.
