Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ollama-task-orchestrator

v1.0.0

Manage and execute Ollama tasks via SSH on a remote worker, providing queue status, exclusive task locking, and code generation commands.

by Rajesh Huria (@rajeshhuria)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the code and runtime instructions: skill.py SSHs to a worker to run runner scripts that check Ollama, invoke model generation, write files, run tests, and execute shell commands. No unrelated cloud credentials, external services, or unexpected binaries are requested.
Instruction Scope
SKILL.md and the included runner scripts stay within the described domain (queue status, codegen, write, test, exec). However, run_task.sh exposes high‑impact capabilities: it can write files into the project directory, run arbitrary shell commands (eval "$cmd"), kill/restart the Ollama server, and its NL interpreter maps natural language to actions (write/test/exec). These are coherent with the skill's purpose but are powerful and should be used only on a trusted worker.
Install Mechanism
There is no remote download/extract. The repo includes an install.sh that copies local runner scripts to the target runner directory and marks them executable. No external installers, URL downloads, or obfuscated installers are used.
Credentials
The registry metadata doesn't require env vars, but the skill and README document several worker and host environment variables (SSH host, runner path, DEFAULT_PROJECT, OLLAMA_MODEL, OLLAMA_URL, etc.). These variables are directly relevant to the skill. The notable privilege is the implicit requirement of SSH key access to the worker and the scripts' ability to read/write project files and run commands — appropriate for the purpose but high in practical privilege.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent configurations. It runs commands over SSH and installs scripts only into the designated runner path via install.sh. Autonomous invocation (model invocation enabled) is default platform behavior; combined with the skill's exec/write capabilities this is powerful, but that combination is explained by the skill's purpose.
Assessment
This skill appears to do what it says: let an agent run Ollama tasks on a remote worker via SSH. Before installing, verify the worker is fully trusted and configured for this use:
1) review runner/run_task.sh and runner/queue_status.sh (they can kill/restart Ollama, eval arbitrary commands, and write files inside PROJECTS_DIR);
2) ensure SSH keys in ~/.ssh/config grant access only to the intended, isolated worker account (prefer a least‑privilege account or VM);
3) set DEFAULT_PROJECT carefully (write/test operations will operate inside that project) and keep ALLOW_NL_EXEC=false unless you trust natural-language→command parsing;
4) do not enable this skill for untrusted or broadly autonomous agents unless you accept the ability to run arbitrary commands on the worker;
5) run the installer and scripts in a sandbox or non-production environment first and audit file permissions.
If you want lower risk, use the runner only interactively from a controlled host (avoid giving agents unrestricted access).

Like a lobster shell, security has layers — review code before you run it.

latest vk975vvf8cdxej87f2b3wy0qvdh84f5ya
