Agent Task Queue

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent task-queue runtime; the main items to review are its expected npm dependencies, optional persistent storage, and long-running scheduler behavior.

This skill looks appropriate for building a task queue, but treat it like infrastructure: only install trusted npm dependencies, avoid placing secrets in queued payloads/results/logs, validate dependency outputs before downstream use, and stop any scheduler workers when you no longer want tasks to execute.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you register handlers that change files, accounts, deployments, or public content, the queue may execute those changes when tasks become ready.

Why it was flagged

The scheduler automatically executes user-registered task handlers with queued payloads and dependency context. This is the core purpose of the skill, but queued high-impact handlers could run without additional per-task confirmation.

Skill content

const result = await handler(task.payload, { attempt: task.attempts, signal: controller.signal, dependencies, log: async (...) => this.queue.log(...) });

Recommendation

Register only trusted handlers, keep task types narrow, set conservative concurrency/timeouts, and add your own approval steps around high-impact handlers.

What this means

Installing the skill’s dependencies will trust packages from the npm ecosystem.

Why it was flagged

The package uses external npm dependencies with caret ranges, and the README/SKILL.md instruct users to run npm install when dependencies are unavailable. This is normal for the stated TypeScript/SQLite/Redis runtime, but it adds standard package supply-chain exposure.

Skill content

"dependencies": { "better-sqlite3": "^11.9.0", "redis": "^5.1.0" }

Recommendation

Install in a controlled project, review or lock dependency versions if needed, and use your normal npm audit/provenance process.

What this means

Task results, logs, and dependency outputs can be reused by later tasks and may persist in SQLite or Redis if those storage backends are selected.

Why it was flagged

The queue intentionally stores task results and reuses them as context for dependent tasks. This is disclosed and purpose-aligned, but sensitive or untrusted outputs may be persisted and later consumed by other handlers.

Skill content

Completed dependency results are stored and exposed to downstream handlers through `context.dependencies`.

Recommendation

Avoid putting secrets in task payloads/results/logs, validate dependency outputs before acting on them, and choose storage namespaces/files with appropriate retention and access controls.

Note (High Confidence)
ASI10: Rogue Agents

What this means

A started scheduler can keep running queued work in the background during the process lifetime.

Why it was flagged

scheduler.start() creates a recurring polling worker that continues claiming and running ready tasks until stop() is called. This is expected queue behavior and is documented, but it is still autonomous ongoing activity.

Skill content

this.timer = setInterval(() => { void this.tick(); }, this.pollIntervalMs);

Recommendation

Use scheduler.tick() for bounded runs, call scheduler.stop() when finished, and avoid leaving high-impact queues running unattended.