Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sub-agent Task Queue
v1.0.0
Concurrent task queue management for sub-agent orchestration. Provides a /queue command for real-time visibility into active, queued, and completed sub-agent...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (sub-agent task queue) aligns with the instructions which manage a /tmp JSON queue and describe spawn/complete/fail flows. However, the skill assumes the agent can 'spawn' and 'kill' sub-agents and record sub-agent session IDs without declaring the platform APIs, permissions, or credentials needed. That is a missing but necessary capability for the stated purpose.
Instruction Scope
SKILL.md directs creating and updating /tmp/task-queue.json, spawning sub-agents, moving tasks between lists, and terminating tasks, but it does not specify HOW to spawn or kill sessions (no safe API calls or permission boundaries). It also includes guidance to prefer queuing ('better to over-spawn'), which can lead to excessive resource consumption. Writing session IDs and task descriptions to /tmp could expose sensitive data to other local users/processes.
Install Mechanism
This is an instruction-only skill with no install spec and no downloaded code — lowest install risk. The README suggests copying the skill into a target agent's skills directory, which is an administrative action but not inherently dangerous.
Credentials
No environment variables or external credentials are requested in the manifest, which is reasonable. However, practical operation (spawning/killing sub-agents, modifying agent routing) will likely require platform permissions or tokens that are not declared; the omission creates ambiguity about required privileges.
Persistence & Privilege
The skill stores state in /tmp/task-queue.json (ephemeral by default) and recommends placing the skill into agents' skills directories and updating routing config. It does not request always:true or modify other skills directly, but writing session IDs and histories to disk could persist sensitive metadata beyond the chat session if /tmp isn't cleared.
What to consider before installing
This skill is plausibly what it claims to be, but it leaves key implementation and safety details unspecified. Before installing or enabling it: (1) confirm how your OpenClaw agent spawns and terminates sub-agents and what credentials/APIs are required — the skill does not declare or request them; (2) avoid running it on multi-user/shared machines or ensure /tmp is secure, because task descriptions and sub-agent session IDs are stored in /tmp and could leak; (3) set conservative maxConcurrent/maxSameType values and add quotas/rate limits to prevent runaway spawning and resource exhaustion; (4) decide and document the exact mechanism for killing sub-agents (platform API vs. OS process kill) to avoid unsafe commands; (5) test in an isolated environment first. If the author provides explicit, platform-specific spawn/kill APIs and a clear permissions list, the assessment could change to benign.
Like a lobster shell, security has layers — review code before you run it.
