spec-task

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill enforces a structured task workflow and persistent task archives, and those behaviors are disclosed and aligned with its purpose.

Use this skill if you want strict planning, status tracking, verification, and task archiving. Expect it to create project task files and memory entries; review archive behavior and avoid including secrets or highly sensitive details in persisted task artifacts.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may spend time creating and maintaining task documents before doing complex work.

Why it was flagged

The skill can steer the agent into this workflow for non-trivial tasks and inject reminders into context.

Skill content

All non-trivial tasks must be managed through spec-task... before_prompt_build: detect the workspace state and inject a prependContext reminder

Recommendation

Install this only if you want strict task lifecycle enforcement; use another workflow if you prefer lightweight ad-hoc execution.

What this means

Task-management actions will be tied to the detected project root, which is appropriate for this workflow but affects where files are created or updated.

Why it was flagged

The skill describes automatic argument injection for its task-management tools.

Skill content

before_tool_call: automatically inject the `project_root` parameter for task_create, config_merge, task_archive, and task_recall

Recommendation

Check that the detected project root is the intended workspace before relying on the workflow.

What this means

You have less external context for who maintains the skill or where to verify it.

Why it was flagged

The package has limited provenance information, although it does not include executable code or an install mechanism.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Review the included instructions and registry owner before installing, especially in shared or sensitive workspaces.

What this means

Sensitive task details could be saved into memory and influence future tasks if included in summaries or lessons.

Why it was flagged

The skill persists task summaries and lessons into agent memory for later reuse.

Skill content

record_history → writes to ${agent.workspace}/memory/task-history/YYYY-MM-DD/<task-name>.md ... generate_lessons → writes to ${agent.workspace}/memory/task-lessons/<capability-keywords>.md

Recommendation

Avoid placing secrets or private data in task summaries, outputs, or lessons, and review archive settings before using the skill on sensitive work.