结构化任务规划与分步执行 V2(异步子代理架构)
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned for task planning, but it deliberately creates background subagents, cron heartbeats, and local task/session records that users should understand before using it.
Before installing, understand that this skill is an async task orchestrator: after you confirm a plan, it can spawn subagents, keep their sessions, create a cron heartbeat, and store task files under ~/.openclaw/workspace. Review each generated plan carefully, avoid putting secrets in task prompts, and use the documented interrupt command to stop a running task.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A task may keep being monitored or continue running outside the immediate chat turn until it completes or is interrupted.
The skill intentionally creates a recurring background heartbeat session to monitor subagents. This is disclosed and tied to the task orchestration purpose, but it is persistent background behavior.
start 命令自动创建 cron job(`stp-heartbeat-{task_id}`)... 每 10 分钟触发 isolated sessionOnly start tasks after reviewing the plan, and use the documented interrupt command if you want background activity to stop.
Task prompts, subagent IDs, and small pieces of session history may be read and used for status tracking.
The orchestrator reads local OpenClaw session metadata and session files to determine subagent status. This is purpose-aligned for monitoring, but session history can contain sensitive user or task context.
sessions_file = Path.home() / ".openclaw" / "agents" / "main" / "sessions" / "sessions.json"
Avoid placing secrets in task prompts, and review retained task/session files if the task involved sensitive content.
Information produced by one subagent may be shared with another subagent for verification.
The skill passes execution-subagent output into a separate verification subagent. This inter-agent flow is disclosed and central to the design, but it means task data moves between agents.
创建检验子代理... 执行结果:<执行子代理的输出>... label="task-<ID>-step-<N>-verify"
Review the generated plan and avoid including confidential material unless this inter-agent processing is acceptable.
The registry summary may understate the operational capabilities the skill expects.
The included metadata declares permissions and a required binary that are not reflected in the registry requirement summary, and the registry version differs from _meta.json. This is a metadata/provenance inconsistency rather than evidence of unsafe behavior.
"version": "1.2.0"... "permissions": ["read-sessions", "cron", "subagent-spawn"]... "requiredBinaries": ["openclaw"]
Treat the skill as requiring OpenClaw session reading, cron scheduling, and subagent spawning even if those capabilities are not shown in the registry capability signals.