Skillv1.0.3

VirusTotal security

长任务监控方案。实现 Worker-Monitor 架构，Monitor 通过 hook-logger 日志监控 Worker 状态，每轮 10 分钟通过 Announce 汇报。采用主会话轮询机制（因子代理 sessions_send 限制）。推荐 OpenClaw 2.21+。触发词：长任务、监控任务、任务监控 · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

SuspiciousApr 30, 2026, 4:21 AM

Hash: e868b92a6b3202442d98c60a304d59197f42d9fa4763c054e2ea5c937b7caed1
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: long-task-monitor Version: 1.0.3 The skill implements robust input sanitization (`sanitizeInput`) and uses `execFile` with argument arrays in `long-task.js` to prevent shell injection. However, the `monitor-prompt.txt` explicitly instructs the Monitor Agent to use the `exec` tool to write logs to the filesystem. While the command itself (`echo "..." >> {task_folder}/monitor-rounds/current-round.json`) and its dynamic variables (`{round}`, `{task_folder}`) are sanitized before prompt generation, the direct instruction for an agent to use a powerful tool like `exec` for shell commands, even for a stated logging purpose, introduces a higher risk profile. This is acknowledged in `SKILL.md` as an 'architectural limitation'.
External report: View on VirusTotal