Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Task Supervisor

Manage complex tasks with 5+ steps or duration >20 min, tracking progress via task files and sending periodic status reports until completion or pause.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 237 · 1 current installs · 1 all-time installs
by Peng Shu @Mashirops
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (long-running task manager with progress files and periodic reports) aligns with the SKILL.md: it instructs creating .tasks files, decomposing steps, logging progress, and sending periodic reports. However, the skill expects to send messages via external platforms (mentions WhatsApp and Feishu interchangeably) and to spawn system crons via an 'openclaw' CLI, yet the registry metadata declares no required binaries or credentials. Requesting no environment variables or primary credential is inconsistent with sending messages to external services.
! Instruction Scope
Instructions tell the agent to create and repeatedly update files under .tasks/, spawn a reporter cron using an 'openclaw cron add' exec, and have that cron read task files and send progress messages. That scope is consistent with a supervisor but includes autonomous background scheduling and automated messaging. The doc mixes messaging targets (WhatsApp vs Feishu) and tells the cron to 'send a Feishu message to the user' without specifying how authentication/recipient mapping occurs. The instructions do not read or transmit unrelated system files, but they do perform autonomous I/O and networked messaging which require explicit credentials and user consent.
Install Mechanism
This is instruction-only with no install spec and no code files, so there is nothing being downloaded or written at install time. That reduces risk from supply-chain install mechanics. The runtime behavior (spawning crons and writing .tasks files) is still potentially persistent, but there is no installer to analyze.
! Credentials
The skill declares no required environment variables or credentials, yet its runtime actions require the ability to send messages over Feishu or WhatsApp and to schedule crons via an 'openclaw' CLI. Sending messages to external platforms normally requires API tokens/credentials or preconfigured agent integrations; those are not declared. This mismatch is disproportionate and unexplained.
Persistence & Privilege
always:false (good). The skill instructs spawning scheduled reporter crons that run autonomously until the task completes or fails. Creating background scheduled jobs is a legitimate behavior for long-running tasks, but because the cron will autonomously read task files and send external messages, it increases the blast radius — especially combined with missing declarations for which messaging identity/credentials will be used. The skill does not claim to modify other skills or global configs, which is good.
What to consider before installing
Do not enable this skill yet. Ask the publisher to clarify: (1) which messaging platform will be used (WhatsApp or Feishu?) and exactly how recipient identity and authentication are provided (what env vars or agent integrations are required); (2) whether the agent runtime actually provides an 'openclaw' CLI and what privileges that CLI has; (3) where .tasks/ will be stored and who can read those files; and (4) how and when the cron jobs are removed and what safeguards exist to prevent repeated unintended messages. If you proceed, require explicit, per-task consent before creating background crons or sending messages, and ensure messaging credentials are scoped and stored securely (not left implicit).
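The mismatch this scan describes, between what a skill declares and what its instructions need, can be checked mechanically before install. The following is an added example, not ClawHub's or OpenClaw's scanner and not part of the skill: the metadata dict shape, the finding codes and the `audit_skill` function are assumptions, and the text excerpts are copied from the SKILL.md shown on this page.

```python
import re

# Excerpts copied from the SKILL.md shown on this page.
SKILL_MD = '''\
Manage long-running tasks with checkpoints, progress files, and periodic WhatsApp reports.
openclaw cron add "task-report-<SLUG>" \\
  --schedule "*/15 * * * *" \\
  --message "Read .tasks/<SLUG>.md and send a Feishu message to the user with progress update."
Truly stuck: Set paused, WhatsApp alert immediately
'''

# Hypothetical metadata shape: the page only states that no binaries,
# environment variables or credentials are declared.
DECLARED = {"binaries": [], "env": [], "credentials": []}

MESSAGING = ("feishu", "whatsapp")
CRON_EXPR = re.compile(r'--schedule\s+"([^"]+)"')
CLI_CALL = re.compile(r'^\s*([a-z][\w-]*)\s+cron\s+add\b', re.M)


def audit_skill(declared, text):
    """Return (code, detail) findings where the instructions need something undeclared."""
    findings = []
    lower = text.lower()
    # A CLI the instructions exec must appear in the declared binaries.
    for m in CLI_CALL.finditer(text):
        if m.group(1) not in declared["binaries"]:
            findings.append(("undeclared-binary", m.group(1)))
    # Any schedule means a persistent background job: always surface it for consent.
    for m in CRON_EXPR.finditer(text):
        findings.append(("background-schedule", m.group(1)))
    # Outbound messaging needs some declared credential or env var.
    platforms = [p for p in MESSAGING if p in lower]
    if platforms and not (declared["env"] or declared["credentials"]):
        findings.append(("messaging-without-credentials", ",".join(platforms)))
    # More than one platform named: the recipient channel is ambiguous.
    if len(platforms) > 1:
        findings.append(("ambiguous-messaging-target", ",".join(platforms)))
    return findings


if __name__ == "__main__":
    for code, detail in audit_skill(DECLARED, SKILL_MD):
        print(f"{code}: {detail}")
```

Declaring the binary and a credential clears two findings, but the background schedule and the ambiguous messaging target remain and still need an answer from the publisher.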

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.0

SKILL.md

Task Supervisor

Manage long-running tasks with checkpoints, progress files, and periodic WhatsApp reports.

Is This a Large Task?

Before doing anything else, mentally check:

| Signal | Large? |
|---|---|
| Steps ≥ 5 OR time > 20 min | ✅ Yes |
| User says "take your time / overnight / keep me posted" | ✅ Yes |
| Needs sub-agent + cron + multiple domains | ✅ Yes |
| Single tool call, quick search, short edit, Q&A | ❌ No — skip this skill entirely |
| "Help me write X" (one doc, one sitting) | ❌ No |
| "Search for Y and summarize" (few minutes) | ❌ No |

If not large → respond normally, skip task files and crons entirely.

On Task Start

When you receive a large task, immediately:

  1. Create a task file at .tasks/<TASK-SLUG>.md (use kebab-case slug)
  2. Decompose the task into numbered steps
  3. Spawn a reporter cron to send progress updates
  4. Begin execution, updating the file after each step

Task File Format

```markdown
# Task: <Title>

**Started**: <ISO timestamp>
**Status**: in_progress | paused | done | failed
**Estimated Steps**: N
**Last Updated**: <ISO timestamp>

## Steps

- [ ] 1. First step
- [ ] 2. Second step
- [x] 3. Completed step ✓ (2026-03-02T22:05:00+08:00)
- [!] 4. Failed step — <error summary>

## Log

### Step 3 — 2026-03-02T22:05:00+08:00
Result or notes here.

### Error — 2026-03-02T22:07:00+08:00
What failed and how it was handled.

## Result

(Fill when done — final summary for the user)
```

During Execution

After every step (success or failure):

  • Update the checkbox in Steps ([x] done, [!] failed)
  • Append a Log entry with timestamp and key findings
  • Update Last Updated timestamp

On failure:

  • Mark step [!] with error summary
  • Try an alternative approach if obvious
  • If truly stuck, set Status to paused and note what's needed

Progress Reporting (Cron)

At task start, spawn a cron reporter using exec:

```bash
openclaw cron add "task-report-<SLUG>" \
  --schedule "*/15 * * * *" \
  --message "Read .tasks/<SLUG>.md and send a Feishu message to the user with progress update. Include: completed steps, current step, blockers if any. Keep it under 5 sentences. Remove this cron when Status=done or Status=failed." \
  --once-complete
```

Adjust interval based on task scope:

  • Quick task (<30 min): every 10 min
  • Medium task (30 min–2 hr): every 15 min
  • Long task (>2 hr): every 30 min

On Task Completion

  1. Fill in ## Result section with a clear summary
  2. Set Status: done
  3. Send a final Feishu message: task name, what was accomplished, any caveats
  4. Remove the progress cron

On Task Failure / Getting Stuck

  1. Set Status: paused
  2. Document exactly what was tried and what's blocked
  3. Send Feishu message alert immediately (don't wait for cron)
  4. Do NOT silently stop — always notify

Resuming a Paused Task

When asked to continue a task:

  1. Read .tasks/<SLUG>.md
  2. Find the last completed step
  3. Continue from there
  4. Re-spawn reporter cron if needed

Multi-Task Awareness

If multiple tasks are running, maintain separate files per task. On heartbeat, check .tasks/ for any in_progress tasks and include a brief status in heartbeat responses.

Quick Reference

| Situation | Action |
|---|---|
| Task assigned | Create file, decompose, spawn cron, start |
| Step done | Update [x], append log |
| Step failed | Mark [!], try alternative, log error |
| Truly stuck | Set paused, WhatsApp alert immediately |
| Task complete | Fill Result, set done, final message, remove cron |
| Asked for update | Read task file, summarize current state |
