ClawHub

Today Task

v1.0.17

通用任务结果推送器,当任务完成后将结果推送到负一屏。使用统一的标准数据格式,支持各种类型的任务结果推送。

1· 388·2 current·2 all-time
byMinus One Screen@ganhaiyang3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description = task result pusher to 负一屏. The code and SKILL.md only require an authCode and pushServiceUrl (from OpenClaw global config or local config.json) and send task JSON to that endpoint. No unrelated cloud credentials, binaries, or system-wide changes are requested.
Instruction Scope
Runtime instructions restrict operations to: building/validating JSON, reading skill/global config (~/.openclaw/openclaw.json for skills.entries.today-task.config), optionally checking for updates on ClawHub, and POSTing to the configured push URL. The scripts log locally and optionally save push records. They do not instruct indiscriminate system file reads or exfiltration to unexpected endpoints beyond the configured push URL and optional ClawHub for updates.
Install Mechanism
No install spec; code is bundled and dependencies are standard (requests). There are no remote downloads, URL-shortened installers, or extracted archives. Network use is via requests to the configured endpoint (default is a named hiboards domain).
Credentials
The skill does not request environment variables or secrets; it reads OpenClaw's global config file (~/.openclaw/openclaw.json) but only to extract skills.entries.today-task.config.* values (authCode and pushServiceUrl). This is proportionate to the stated purpose, but users should be aware the global config file may contain other data — the code attempts to limit reads to the skill's section.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes local logs and optional push_records under its own directories (configurable and user-controlled). Update checks contact ClawHub only if enabled in config.
Assessment
What to check before installing/using: 1) Confirm the pushServiceUrl — default points at a Huawei hiboards endpoint; change to a destination you trust if necessary. 2) Do not paste your authCode into chat; use the openclaw config command as recommended. 3) Avoid including highly sensitive personal data in task_content because the skill will transmit task_content and metadata to the configured endpoint. 4) If you are concerned about local storage, set save_records=false and/or periodically clean logs/ push_records. 5) Review the bundled Python scripts (they are included) and install dependencies (requests) in an isolated environment. 6) Update-checking will contact ClawHub only when enabled — you can disable it if you want to avoid external network calls. Overall the package appears coherent with its stated purpose; the main risks are data-exfiltration to the configured endpoint (intentional and documented) and local storage of pushed content.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d7327jgskmxsrqdx6e76bj9845s9m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments