Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Parallel Task Executor
v1.0.0多任务并行执行管理器。接收多条指令并同步执行,支持优先级调度、任务依赖、结果收集和进度跟踪。适用于需要并发处理多个独立任务的场景。
⭐ 2· 2.5k·14 current·14 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the instructions and references: the skill is a scheduler/executor that recognizes tasks (file ops, shell commands, network requests, browser actions) and runs them concurrently. The described capabilities are coherent with a 'parallel task executor'.
Instruction Scope
SKILL.md explicitly instructs the agent to identify and run file operations, shell commands, browser actions, HTTP/API requests and database queries. The instructions are permissive and leave decision-making to 'automatic recognition' with no explicit safety checks, confirmation prompts, allowlists/deny‑lists, or limits on paths/endpoints — that broad discretion can lead to execution of sensitive actions without explicit user consent.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is lowest install risk (nothing written to disk by an installer).
Credentials
The skill declares no required env vars or credentials, but supports actions (network/API calls, DB queries, downloads/uploads, shell commands, file read/write) that typically require credentials or access to local files. It also references a user config path (~/.openclaw/openclaw.json). The lack of declared credential usage or guidance for secure credential handling is a missing justification and operational detail.
Persistence & Privilege
always:false (good). However default autonomous invocation is allowed (disable-model-invocation:false) — combined with the skill's open-ended instructions to run commands and access files/networks, autonomous invocation increases the blast radius. The skill does not request persistent privileges or modify other skills, but the combination of autonomous calls + vague guardrails is concerning.
What to consider before installing
This skill appears to do what it claims, but it will instruct the agent to run arbitrary shell/file/network/browser/database operations. Before installing, consider: 1) Only enable if you trust the author; 2) Disable autonomous invocation (require explicit user invocation) so the agent cannot run it without your approval; 3) Run it in a sandboxed environment or test account; 4) Ensure it cannot access sensitive paths or credentials — do not store secrets in global env vars; 5) Ask the maintainer how credential provisioning and safety checks (confirmation prompts, allowlists, path/network restrictions, logging) are handled; 6) If you proceed, monitor actions and review generated ~/.openclaw/openclaw.json for unexpected settings. If you need higher assurance, request a code implementation (not just prose) and an audit of how commands are executed and how inputs are sanitized.Like a lobster shell, security has layers — review code before you run it.
latestvk97947ex7ghp9r6pazzvsccb8580knak
License
MIT-0
Free to use, modify, and redistribute. No attribution required.