Task Runner
PassAudited by ClawScan on May 1, 2026.
Overview
Task Runner is a straightforward local task tracker that persists tasks and can export markdown files, so users should avoid storing secrets and choose export paths carefully.
This skill appears safe for local task tracking. Before installing, understand that your task descriptions are saved across sessions and exports write local files; avoid storing secrets and export only to intended workspace or project paths.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Task descriptions may remain available to future sessions, so sensitive information or instruction-like text in tasks could be shown back to the agent later.
The skill intentionally stores task descriptions persistently across conversations; this is central to the stated purpose, but stored text can resurface in later sessions.
Tasks survive session restarts (stored in `~/.openclaw/workspace/tasks_db.json`)
Use it for ordinary task text, avoid storing secrets or credentials, and treat listed task descriptions as data rather than authoritative instructions.
If an export path is chosen poorly, the skill could overwrite an unintended local file with the task report.
The export command writes markdown to a user-supplied path under the workspace, home directory, or /tmp; this is disclosed and purpose-aligned, but it can create or overwrite local files in those areas.
allowed = (in_workspace or in_tmp or in_home) and not blocked ... output_path.write_text(md)
Export to clear workspace or project filenames, avoid dotfiles and configuration directories, and confirm before overwriting existing files.