Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-task-manager

v1.0.2

Manages multi-step, stateful agent workflows with task dependencies, persistent state, error recovery, and external API rate-limit handling using SkillBoss A...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kirkraman/kirk-agent-task-manager.

Install the skill "agent-task-manager" (kirkraman/kirk-agent-task-manager) from ClawHub.
Skill page: https://clawhub.ai/kirkraman/kirk-agent-task-manager
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install kirk-agent-task-manager

ClawHub CLI

npx clawhub@latest install kirk-agent-task-manager

Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill's code and SKILL.md consistently call https://api.skillboss.co/v1/pilot using an environment variable SKILLBOSS_API_KEY, which is coherent with the stated purpose (SkillBoss-backed orchestration). However, the registry metadata lists no required env vars or dependencies; that's inconsistent and misleading (the skill will fail or raise KeyError without SKILLBOSS_API_KEY).
[!] Instruction Scope
SKILL.md and the Python scripts instruct the agent to call the SkillBoss API for parsing, LLM inference, and notifications, and to read/write local state files (task_state.json, agent_task_manager_data/*). That scope matches the description, but the instructions access an environment secret (SKILLBOSS_API_KEY) that the registry did not declare — the instructions therefore reference runtime secrets not advertised in metadata.
Install Mechanism
No install spec (instruction-only install). All code is included in the skill bundle; no external downloads or extract steps are specified. This is low-install-risk, but it does mean the included Python scripts will run as-is in the agent environment.
[!] Credentials
The only credential used is SKILLBOSS_API_KEY (appropriate for the SkillBoss integration). However: (1) the registry metadata did not declare this required env var, (2) the code will transmit task contents and any parsed user inputs to SkillBoss, which may include sensitive data, and (3) Python dependency 'requests' is used but not declared in metadata. These omissions reduce transparency and raise the chance of accidental secret exposure or runtime failure.
Persistence & Privilege
The skill persists state locally (task_state.json) and creates a timestamp directory ./agent_task_manager_data for cooldowns. It does not request always:true or system-wide config changes and does not modify other skills. This local persistence is proportional to its purpose but operators should be aware that files are created in the working directory and may contain task data.
What to consider before installing
This skill appears to implement the advertised orchestration and SkillBoss integration, but there are important inconsistencies to address before installing:

  • The code and SKILL.md require SKILLBOSS_API_KEY (os.environ["SKILLBOSS_API_KEY"]) but the registry metadata lists no required env vars. Expect to provide a SkillBoss API key; otherwise the scripts will error.
  • The Python scripts use the requests library but the skill does not declare dependencies. Ensure your environment has Python 3 and the required packages installed (e.g., pip install requests) before running.
  • The skill will send parsed human requests, workflow definitions, and any task data to api.skillboss.co. Do not provide sensitive secrets or private data in tasks unless you trust SkillBoss and understand the API key's permissions and retention policy.
  • The skill writes task_state.json and ./agent_task_manager_data/*. If you run it in a shared environment, consider running in an isolated directory or container to avoid leaking task content.
  • Source and homepage are unknown. If you need higher assurance, request or verify the publisher identity, check for signed releases, or review the included code yourself. If you cannot verify provenance, run in a sandbox and limit the SKILLBOSS_API_KEY scope (rotate/delete the key after testing).

Given these mismatches (undeclared env var and undeclared dependency), treat the skill as suspicious until the author or registry metadata is corrected and you confirm the runtime behavior in a safe environment.

Like a lobster shell, security has layers — review code before you run it.

97 downloads
0 stars
2 versions
Updated 1w ago
v1.0.2
MIT-0

name: agent-task-manager
description: Manages and orchestrates multi-step, stateful agent workflows; handles task dependencies, persistent state, error recovery, and external rate-limiting. Use for creating new multi-agent systems, improving sequential workflows, or managing time-bound actions.
requires.env: [SKILLBOSS_API_KEY]

Agent Task Manager

Overview

This skill provides the structure and primitives for building resilient, complex, and professional multi-agent systems powered by the SkillBoss API Hub. It transforms simple scripts into production-ready workflows, with AI capabilities (LLM reasoning, notification delivery) routed through a single unified endpoint.

Core Capabilities

1. Orchestration and Task State

  • Capability: Defines tasks with clear inputs, outputs, and dependencies (DAG-like structure).
  • Execution: Uses molt_task.py to manage state in task_state.json.
  • Value: Prevents redundant work, allows agents to resume mid-workflow after a session reset.

2. External Rate-Limit Management

  • Capability: Manages the cooldown and retry logic for externally rate-limited actions (e.g., API posts, web scrapes).
  • Execution: Uses the scripts/cooldown.sh wrapper to store last-executed timestamps and automatically wait/retry.
  • Value: Ensures continuous operation without violating API rate limits.

3. Modular Role-Based Agents

  • Capability: Provides a template structure for specialized roles (e.g., ContractAuditor, FinancialAnalyst).
  • Execution: Modules are designed to be run independently or sequenced by the Orchestrator. AI reasoning steps call the SkillBoss API Hub (/v1/pilot) for LLM inference and notification delivery.
  • Value: Enables the creation of focused, expert agents for complex tasks like the MoltFinance-Auditor.

Example Workflow: MoltFinance-Auditor

  1. Task: FinancialAudit
  2. Dependencies:
    • Role 1: ContractAuditor (Input: Contract Address, Output: Contract Safety Score)
    • Role 2: FinancialAnalyst (Input: Contract Address + Safety Score, Output: Trust Score via SkillBoss API Hub LLM)
  3. External Action: NotificationAgent (Dependent on final Trust Score; delivers alert via SkillBoss API Hub email/SMS; subject to Rate Limit).

API Integration

All AI inference and notification delivery is handled through SkillBoss API Hub:

  • Endpoint: https://api.skillboss.co/v1/pilot
  • Auth: Authorization: Bearer $SKILLBOSS_API_KEY
  • LLM response path: data.result.choices[0].message.content

Resources

scripts/

  • molt_task.py: Python class for task state management.
  • orchestrator.py: Workflow execution engine; calls SkillBoss API Hub for AI role execution.
  • task_parser.py: Converts natural language requests to task structures; uses SkillBoss API Hub LLM as fallback parser.
  • cooldown.sh: Shell wrapper for managing rate-limited executions.

references/

  • task_schema.md: JSON schema for defining complex task dependencies.
