Long Task Handler
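v1.0.0
Automatically identifies long tasks expected to take more than 30 seconds and runs them in the background, pushes progress updates at regular intervals, avoids blocking and task pile-up, and supports timeout and completion notification management.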
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md instructions, _meta.json and task-manager.js all align: the skill manages background execution, polling, progress notifications and a small local task state. The declared required tools (exec, process, message, sessions_spawn) match its behavior.
Instruction Scope
Instructions remain within the stated purpose (assess tasks, start background exec, poll progress, notify). They also instruct sending command output to a messaging channel (examples use 'feishu') and spawning isolated child agents (sessions_spawn). These are expected for this skill but mean command outputs may be posted to external channels and child agents will execute tasks — the SKILL.md does not add sanitization or explicit access controls for sensitive outputs.
Install Mechanism
No remote installs or downloads; this is instruction-only with a single local JS module. No extract-from-URL or external package installs are present.
Credentials
The skill declares no required environment variables or credentials. It uses platform tools (message, exec, process, sessions_spawn) as expected. One minor note: messaging examples reference 'feishu' channel but no channel credentials are requested (likely handled by the platform's message tool).
Persistence & Privilege
always:false (normal). The skill writes a local task-state.json in its directory to persist tasks and supports archiving logs — this is reasonable for its purpose. Because it can spawn child sessions and post outputs to messaging channels, enabling it increases the scope of what background code the agent will run and where outputs may be sent; that raises operational considerations but not an incoherence.
Assessment
This skill appears coherent for running and monitoring long-running commands, but review and operationalize before enabling:
1) Inspect the code (task-manager.js) — it persists state to task-state.json in the skill directory and exposes a CLI for listing/cleanup.
2) Confirm where notifications go (example uses 'feishu') and who has access to that channel — command output may contain sensitive data.
3) Limit blast radius: set conservative defaultTimeoutSeconds, maxConcurrentLongTasks, and pollInterval to avoid resource exhaustion.
4) Decide who may invoke the skill (restrict to trusted users) because it will execute user-provided commands in background and can spawn child sessions.
5) If you need stronger guarantees, run the skill in a sandboxed agent environment and review messaging/archiving retention (autoArchive, archiveAfterMinutes).
6) No extra credentials are requested by the skill, but verify your platform's message/exec/process/session tools don't implicitly expose secrets when forwarding output.
If you want, I can point out specific lines in task-manager.js to review or suggest additional safeguards to add.
Like a lobster shell, security has layers — review code before you run it.
