LongTask System
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its long-task orchestration purpose, but review is recommended because failures can be treated as completed, task text can become executable dashboard HTML, and agent routing can default to the wrong agent.
Use this only with trusted task JSON files and monitored agents. Before relying on it, fix failure handling, escape dashboard HTML, specify agent_id on every step or patch routing validation, and keep track of any screen/setsid daemon you start.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A failed subtask can be treated as completed, causing later subtasks to run on missing or bad output instead of stopping or retrying.
The callback accepts a failed result but unconditionally sets the step status to done; the daemon uses step status to decide whether to continue, retry, or fail.
echo "Usage: $0 <task_name> <step_id> <success|failed> [output_path] [error_message]" ... RESULT="$3" ... JQ_EXPR="(.steps[] | select(.id == $STEP_ID)).status = \"done\""
Change complete_step.sh so success sets status done and failed sets status failed, validate the result argument, and test that failures stop or retry as documented.
If a task file contains malicious HTML or JavaScript in a displayed field, opening tasks/cockpit.html could execute it in the browser.
Task-file fields such as step_name and agent_id are interpolated directly into generated HTML without escaping or sanitization.
rows_html += f""" ... <div class="font-bold text-slate-700 text-base truncate">{step_name}</div> ... <span ...>@{agent_id}</span> ... """
Escape all task-derived fields with a safe HTML escaping function or an auto-escaping template engine, and only open cockpit files generated from trusted task JSON.
A task without a per-step agent_id can be sent to the default agent/session, potentially exposing instructions or work content to an unintended agent.
Notification routing depends on step-level task data and falls back to bibi; the script does not fail closed or use the documented task-level agent_id fallback here.
AGENT_ID=$(jq -r ".steps[] | select(.id == $STEP_ID) | .agent_id // \"bibi\"" "$TASK_FILE")
FULL_SESSION="agent:${AGENT_ID}:${SESSION_NAME}"
Validate agent_id against agents.json, honor task-level defaults consistently, and fail closed when the intended agent is missing or unknown.
The daemon may continue checking task files and sending agent messages after the original session ends.
The documented launch mode deliberately keeps the daemon running after the OpenClaw session would normally clean child processes; this is disclosed and central to the long-task purpose.
screen -d -m -S longtask bash daemon.sh my_task ... You must use `screen` or `setsid` to ensure the daemon is not killed.
Run it only for trusted tasks, monitor longtask_log, and make sure you know how to stop the screen/setsid process when the task should end.
Important constraints from the previous conversation may not carry into each subtask unless they are repeated in the task message.
Every dispatched subtask begins with /new, which resets the receiving agent's conversation context before the task instructions.
MESSAGE=$(cat <<EOF /new 【长程任务子任务】
Remove or modify the /new prefix if continuity is important, or include all safety and scope constraints explicitly in every task step.
