ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Queue Task

v0.1.0

Durable queue-task helper for resumable, idempotent batch jobs in task-father task folders.

0· 835·4 current·4 all-time
byZhihao@moodykong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python script all align: the script creates/reads queue.jsonl, progress.json, done.jsonl, failed.jsonl, and lock.json under a workspace/tasks/<slug> layout and provides init/status/lock-management commands. There are no unexpected external service integrations or credentials required.
Instruction Scope
Runtime instructions are narrowly scoped to initializing and managing on-disk task state and printing a supervisor template. SKILL.md does not instruct the agent to read unrelated system files, transmit data to external endpoints, or access secrets. It does list a few prerequisite commands (python3, openclaw, cron) but those are informational and not used by the script itself.
Install Mechanism
No install spec is provided (instruction-only plus a bundled script). There are no network downloads or archive extracts. The only runtime dependency is python3, which is appropriate for the included script.
Credentials
The skill declares no required environment variables or credentials. SKILL.md and config.env mention configuration keys (WORKSPACE_DIR, TASKS_DIR, etc.) stored in a local config.env file — these are non-secret settings appropriate for the tool. Note: the script uses a hardcoded default WORKSPACE_DIR of /home/miles/.openclaw/workspace if no config is provided, which is non-sensitive but could cause files to be created in an unexpected path on another machine.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. Its persistent effects are limited to creating/reading files under the configured workspace/tasks folder and adding TASK.md/TODOS.md if missing; it does not modify other skills or system-wide agent config.
Assessment
This skill is a local helper for managing durable queue state and appears coherent and low-risk. Before installing or running it: 1) Inspect and, if needed, edit config.env to set WORKSPACE_DIR to a path you control (the default is /home/miles/.openclaw/workspace which may not exist on your machine). 2) Run the script as an unprivileged user (don't run as root) to avoid unintended file writes to system-owned locations. 3) Test in a disposable workspace to confirm behavior (it will create queue.jsonl, progress.json, done.jsonl, failed.jsonl, lock.json and may write TASK.md/TODOS.md). 4) No network calls or secret env vars are required, but if you adapt the script to add integrations, re-review for credential use or external endpoints. If you want higher assurance, run the commands locally with --config pointing to a dedicated config.env and inspect created files after init/status.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d0m5bwv6690vbzkz4wjhnrh81nb39

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments