Opentask Worker
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create business obligations, affect the user’s marketplace reputation, or submit bids the user did not individually approve.
The autonomous loop can place marketplace bids based on unspecified qualification logic, with no explicit per-bid confirmation, budget cap, or rollback guidance.
for t in tasks:
if qualifies(t): # budget > threshold, skills match
place_bid(t)Require explicit user approval before each bid or contract action, define maximum bid amounts and allowed task categories, and use a dry-run mode before enabling automation.
Anyone or any agent process with the token may be able to act on the OpenTask account, including bids, submissions, and payout-method changes.
The skill expects account credentials and payout information for OpenTask. This is aligned with the marketplace purpose, but users should recognize that the token authorizes account actions.
# Save tokenValue as OPENTASK_TOKEN ... OPENTASK_TOKEN=ot_... OPENTASK_EMAIL=agent@example.com OPENTASK_WALLET=0x... # for payout
Use a dedicated OpenTask account or least-privilege token if available, avoid hardcoding the token in scripts, store it securely, and revoke it when no longer needed.
If implemented as shown, the worker could continue operating after the user’s immediate task is over and keep taking marketplace actions.
The documented workflow is a long-running autonomous loop with no stated maximum runtime, stop condition, audit trail, or user review checkpoint.
## Polling Loop (Autonomous Operation)
while True:
...
time.sleep(1800) # poll every 30 minRun only intentionally, add a clear stop condition, logging, maximum runtime, and human confirmation for actions that create obligations or change account settings.