Async Task
Security checks across malware telemetry and agentic risk
Overview
The skill appears to do what it claims—help long-running tasks report back later—but it can send messages through your OpenClaw/Clawdbot session and stores recent task state locally.
This skill is reasonable if you want long tasks to report back after timeouts. Before installing, confirm you trust the package/source, be aware it can send messages to your active OpenClaw/Clawdbot session, use an explicit session ID when needed, and configure only trusted HTTPS push endpoints.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill will execute local CLI commands on the user's machine.
The script executes local commands to detect the OpenClaw/Clawdbot CLI and later invoke session-send functionality. This is central to the stated purpose and the shown command is fixed, not user-controlled.
execSync('which openclaw', { stdio: 'pipe' });
Only install it in environments where you trust the OpenClaw/Clawdbot CLI and the async-task package.
Task results or pushed messages may be sent through the user's active OpenClaw/Clawdbot account/session.
The tool uses the local OpenClaw/Clawdbot session authority to discover an active session and send assistant messages to it. This is disclosed and purpose-aligned, but it relies on the user's existing session privileges.
execSync(`${CLI} sessions --active 5 --json 2>/dev/null`, ...); ... spawnSync(CLI, ['sessions', 'send', '--session', sessionKey, content], ...)
Use OPENCLAW_SESSION when you need to target a specific session, and avoid using the tool when multiple active sessions could cause confusion.
A configured external endpoint can receive task results and session identifiers, which may include sensitive information.
If a custom push endpoint is configured, the skill sends the session ID and assistant message content to that endpoint, optionally with a bearer token. This is documented as an advanced feature.
const CUSTOM_PUSH_URL = process.env.ASYNC_TASK_PUSH_URL || ''; ... JSON.stringify({ sessionId: sessionId, content: content, role: 'assistant' })
Configure only trusted HTTPS endpoints and avoid sending secrets or private data unless the endpoint is intended to receive them.
Recent task details may remain on disk after completion.
The script persists the current task and recent history, including descriptions, results, errors, timestamps, and session IDs, in a local state file.
const STATE_FILE = path.join(STATE_DIR, 'async-task-state.json'); ... state.history.push({ ... result: message ... });
Avoid putting secrets in task descriptions/results, and delete the state file if you need to clear local history.
Installing globally makes the async-task command available system-wide to agents or users with shell access.
The documented setup installs or links a global executable from a GitHub/package source. This is a normal CLI distribution pattern, but it gives the installed script broad local execution ability.
git clone https://github.com/Enderfga/openclaw-async-task.git ... npm link ... cp async-task.js /usr/local/bin/async-task
Verify the source before global installation and prefer a pinned package/version when possible.
