Task Father
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted cron name could overwrite or remove local JSON files the agent can access, not just the intended cron spec.
The cron name is user-controlled and is not slugified or checked before being used as a filesystem path, so path separators or an absolute path can write or delete .json files outside the task's crons directory.
s.add_argument("--name", default=None) ... (task_dir / "crons" / f"{name}.json").write_text(...) ... spec = task_dir / "crons" / f"{name}.json"; if spec.exists(): spec.unlink()
Validate cron names with the same slug rules as task slugs, reject absolute paths and '..', resolve the path, enforce that it remains inside the task's crons directory, and require explicit confirmation before deletion.
A scheduled job can continue prompting an agent on a recurring schedule until it is removed.
The helper intentionally creates scheduled OpenClaw cron jobs that deliver user-provided messages to the configured agent. This is purpose-aligned, but it is persistent autonomous activity.
"openclaw", "cron", "add", "--name", name, "--cron", cron_expr, "--agent", spec["agent"], "--message", message, "--no-deliver"
Create cron jobs only with explicit user intent, keep prompts narrowly scoped, inspect scheduled jobs periodically, and remove them with cron-rm when the task is finished.
Sensitive details or untrusted instructions placed in these files can persist and influence later work.
The skill intentionally stores durable task context and queue state in files that future agents may read or reuse.
`TASK.md` (front matter + purpose/decisions/blockers/changelog + capabilities) ... optional queue-state files (`queue.jsonl`, `done.jsonl`, `failed.jsonl`, `lock.json`)
Do not store secrets in task files, review or sanitize task docs and queues before using them as context, and clean up stale tasks when they are no longer needed.
