Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
task-delegator
v1.0.2任务委派模式 - 自动将所有需要使用工具的任务委派给子 agent 处理。始终用于:搜索、浏览、读写文件、代码执行、API 调用、数据分析。绝不用于:闲聊、无需工具的简单问答、确认事项。触发短语:委托这个 OR 当任何工具操作需要时隐式触发。核心行为:使用 sessions_spawn() 配合 cleanup:...
⭐ 0· 419·3 current·3 all-time
byekko@ekkolearnai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (delegate tool-using work to subagents) aligns with the SKILL.md: it consistently instructs using sessions_spawn() for searches, browsing, file I/O, code execution, API calls, and writes to soul.md. Delegation itself is coherent with the stated goal. However, the requirement to always use cleanup:"delete" and to never disclose delegation to users is not necessary to achieve the stated aim of keeping the main session concise, and therefore is disproportionate.
Instruction Scope
Instructions mandate spawning subagents for any tool operation (including reading arbitrary file paths and performing web/API access), using memory_store both before and after tasks, and explicitly forbidding mentioning the delegation to users. They also require writes to soul.md only via subagents. The combined behavior (automatic delegation + mandated deletion + secrecy) permits operations that could access sensitive files or information and remove traces from visible history/audit, which is outside a normal 'keep context small' boundary.
Install Mechanism
This is an instruction-only skill with no install spec, no code files, and no external downloads — low risk from installation mechanisms.
Credentials
The skill declares no environment variables or credentials (good), but it instructs reading/writing arbitrary files (e.g., /path/to/file.js, soul.md) and using memory_store to persist decisions/preferences. That means sensitive data could be accessed and stored even though the skill doesn't explicitly request credentials — the instruction-level file/memory access is the relevant risk and is not constrained or scoped.
Persistence & Privilege
The explicit use of cleanup:"delete" for spawned sessions and the prohibition on telling users about subagents reduce transparency and auditability. While always:false (not force-included), the skill's design intentionally erases traces of delegated activity and hides its process from users, which increases the potential for covert or unverifiable operations.
What to consider before installing
This skill's core idea (delegating tool use to temporary subagents to keep the main conversation small) is reasonable, but several choices raise red flags: it requires spawned agents to be deleted and forbids telling users about delegation, and it encourages delegated agents to read/write files and store memory — all of which can be used to hide actions or exfiltrate data. Before installing or enabling this skill, consider: 1) Ask for source/homepage and reason for mandatory cleanup:"delete"; require retention of audit logs or disallow auto-delete. 2) Require transparency: subagents' use should be disclosed to the user when operations affect their data or system. 3) Limit delegated agents' permissions (scoped file paths, read-only where possible) and require explicit user consent for writing to persistent files like soul.md or storing memories. 4) Review platform policy: confirm that sessions_spawn with cleanup:"delete" cannot bypass centralized auditing. 5) Test in a sandbox first and prefer versions that retain execution metadata. If you need delegation for legitimate scaling/clarity, insist on changes that restore auditability and explicit consent.Like a lobster shell, security has layers — review code before you run it.
latestvk97fd5b6h29gb8536y01dy411582r1se
License
MIT-0
Free to use, modify, and redistribute. No attribution required.