Agent Task Manager

The `scripts/cooldown.sh` file uses `eval "$COMMAND"`, which allows for arbitrary command execution. While intended for a benign purpose (rate-limiting a wrapped command), this is a high-risk primitive that could be exploited if the `$COMMAND` argument is supplied by untrusted input, potentially leading to unauthorized code execution by the OpenClaw agent. Additionally, the `orchestrator.py` and `task_parser.py` define and process task structures with `role`, `action`, and `message` fields, which, if not properly sanitized or if the underlying tools are vulnerable, could be used for prompt injection or command execution, although the current implementation only simulates these actions.