ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Task Manager

v1.0.0

Manages and orchestrates multi-step, stateful agent workflows; handles task dependencies, persistent state, error recovery, and external rate-limiting. Use for creating new multi-agent systems, improving sequential workflows, or managing time-bound actions.

1· 2.8k·6 current·6 all-time
by@dobbybud
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with the provided files: orchestrator, task state manager, parser, and a cooldown wrapper implement the described multi-step workflows, state persistence, and rate-limit handling. The example workflows and role templates are consistent with the code (roles are simulated/placeholders).
!
Instruction Scope
SKILL.md and the scripts remain within the orchestration domain, but cooldown.sh executes an arbitrary COMMAND with eval("$COMMAND") — this permits arbitrary shell execution if untrusted input reaches it. The orchestrator currently uses simulated role functions (no network calls), but the code writes/reads local state files (task_state.json, agent_task_manager_data/*).
Install Mechanism
No install spec — instruction-only with bundled scripts. Nothing is downloaded or installed automatically, so no install-time network code to review.
Credentials
The skill declares no required credentials or env vars, and code does not access external tokens. However example workflows reference external channels (Signal, Moltbook) and the orchestrator contains placeholders for sending messages; integrating real notification or API calls will require adding credentials later. Currently there is no unexplained credential access.
Persistence & Privilege
The skill persists state locally (task_state.json) and creates a timestamp directory agent_task_manager_data/ for cooldowns. It does not request always:true, does not modify other skills, nor attempt system-wide config changes.
Assessment
This skill appears to do what it says: local orchestration, state persistence, and cooldown management. Before installing or running it, consider: 1) The cooldown script uses eval to run commands — if you feed untrusted strings into the wrapper or tasks, an attacker could run arbitrary shell commands. Replace eval with safer execution (array-style exec) or strictly validate/whitelist commands. 2) The skill writes task_state.json and agent_task_manager_data/ in the current working directory — run it in a sandboxed directory and review or back up those files. 3) Notification and external integrations are placeholders; if you wire in Signal/Moltbook/other APIs you will need to supply credentials — ensure you store tokens securely and only grant least privilege. 4) Audit any tasks created from user input to ensure they cannot inject shell commands or arbitrary actions. If you plan to run in production or give the skill network access, review and harden the code (remove eval, validate inputs, and implement explicit API clients) and consider running it in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk978f9ksmfb0q903prd833ggpd80bc25
2.8kdownloads
1stars
1versions
Updated 17h ago
v1.0.0
MIT-0
@dobbybud
latest
Download

Agent Task Manager

Overview

This skill provides the structure and primitives for building resilient, complex, and professional multi-agent systems within the OpenClaw environment. It transforms simple scripts into production-ready workflows.

Core Capabilities

1. Orchestration and Task State

  • Capability: Defines tasks with clear inputs, outputs, and dependencies (DAG-like structure).
  • Execution: Uses molt_task.py to manage state in task_state.json.
  • Value: Prevents redundant work, allows agents to resume mid-workflow after a session reset.

2. External Rate-Limit Management

  • Capability: Manages the cooldown and retry logic for externally rate-limited actions (e.g., API posts, web scrapes).
  • Execution: Uses the scripts/cooldown.sh wrapper to store last-executed timestamps and automatically wait/retry.
  • Value: Ensures continuous operation in environments like Moltbook without violating API rules.

3. Modular Role-Based Agents

  • Capability: Provides a template structure for specialized roles (e.g., ContractAuditor, FinancialAnalyst).
  • Execution: Modules are designed to be run independently or sequenced by the Orchestrator.
  • Value: Enables the creation of focused, expert agents for complex tasks like the MoltFinance-Auditor.

Example Workflow: MoltFinance-Auditor

  1. Task: FinancialAudit
  2. Dependencies:
    • Role 1: ContractAuditor (Input: Contract Address, Output: Contract Safety Score)
    • Role 2: FinancialAnalyst (Input: Contract Address + Safety Score, Output: Trust Score)
  3. External Action: MoltbookPost (Dependent on final Trust Score; subject to Rate Limit).

Resources

scripts/

  • molt_task.py: Python class for task state management.
  • cooldown.sh: Shell wrapper for managing rate-limited executions.

references/

  • workflow_schema.md: JSON schema for defining complex task dependencies.
  • rate_limit_patterns.md: Guide to handling common API rate limits (e.g., Moltbook, Helius).

Comments

Loading comments...