Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Autonomous Task Runner
v2.1.0Persistent task queue system. Users add tasks at any time via natural language; tasks are stored in a single persistent queue file and executed asynchronousl...
⭐ 0· 787·1 current·2 all-time
byChunhua Liao@chunhualiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, declared tools (write, exec, message, web_search, subagents, optional cron), and the SKILL.md all align: a persistent queue that writes files, spawns subagents to run tasks, and reports results legitimately needs filesystem writes, cron/heartbeat integration, and subagent spawning.
Instruction Scope
Runtime instructions explicitly tell the agent to create ~/.openclaw/tasks/, initialize a persistent queue file, append an entry to HEARTBEAT.md, and 'CALL cron tool' to register a recurring job on first use. The skill also immediately runs the DISPATCHER in the same turn as INTAKE, which means queued tasks may be executed autonomously right after being added. These instructions modify agent-managed config files and system scheduling without an explicit interactive opt-in at the moment of installation.
Install Mechanism
Instruction-only skill (no install spec, no downloads). Nothing is written to disk by an installer, though the runtime instructions do write to user config paths; absence of external install URLs reduces supply-chain risk.
Credentials
The skill requests no environment variables or external credentials (good). It does require access to agent config files (TOOLS.md, HEARTBEAT.md) and the user's home directory to persist the queue and archives — these are proportional to a persistent task runner, but they grant access to agent-local configuration and persistent storage which could contain sensitive entries. The skill's declared permissions match the requested file/cron/subagent actions.
Persistence & Privilege
The skill creates and maintains a persistent queue file that accumulates indefinitely (archive after configured days) and registers a recurring cron job and heartbeat entry on first-run. It also spawns subagents and can run exec/tool-based code for 'code-execution' task types. While these are coherent with a task-runner, they increase long-term attack surface and can enable autonomous background actions; the skill performs these privileged modifications automatically on first INTAKE (auto-setup behavior).
What to consider before installing
This skill appears to implement what it claims (a persistent task queue), but it will: create ~/.openclaw/tasks/, append a dispatcher entry to HEARTBEAT.md, and register a recurring cron job on first use; it also spawns subagents and can run shell commands as part of tasks. Before installing: 1) Decide whether you are comfortable with automated edits to HEARTBEAT.md and adding a cron job — these happen on first use; 2) Review what 'subagents' and tools (exec, message, web_search) the agent currently has access to, because tasks (including code-execution or messaging tasks) will run with those capabilities; 3) Consider limiting use to non-sensitive tasks or testing in a sandboxed agent/account; 4) Back up HEARTBEAT.md and any config files the skill will modify; 5) If you want manual control, ask the skill engineer to make first-run setup explicit (require user confirmation) or to disable immediate DISPATCHER execution so tasks only run after your approval.Like a lobster shell, security has layers — review code before you run it.
latestvk970xzsexrb2ertpcjpr5wj5dn81d95r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.