Task Status
v1.0.0Send short status descriptions in chat for long-running tasks. Use when you need to provide periodic updates during multi-step operations, confirm task completion, or notify of failures. Includes automated periodic monitoring that sends updates every 5 seconds, status message templates, and a helper function for consistent status reporting.
⭐ 11· 9k·97 current·102 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code implements exactly what the description says: sending status updates, periodic monitoring, and helper functions that dispatch messages via a local Clawdbot WebSocket or the clawdbot CLI. Using a local gateway token and a Telegram target is consistent with a messaging/status skill — but the skill metadata claims no required environment variables while the code expects CLAWDBOT_GATEWAY_TOKEN, CLAWDBOT_GATEWAY_PORT and TELEGRAM_TARGET, which is an inconsistency.
Instruction Scope
Runtime instructions and scripts access environment variables and local IPC (ws://127.0.0.1:<port>/ws) and will attempt to deliver messages to an external Telegram target. The SKILL.md does not document the required CLAWDBOT_GATEWAY_TOKEN or the default TELEGRAM_TARGET that the code will use if not set. The monitoring code writes/reads a .task_status_state.json state file and the logging variant writes message logs to a fixed path (C:/Users/Luffy/clawd/logs), so message content and task names can be written to disk and potentially transmitted to the default target even if the user hasn’t configured recipients.
Install Mechanism
There is no install spec and all code is included with the skill (no external downloads). That reduces supply-chain risk; however, the Python scripts assume dependencies (websocket client) and a 'clawdbot' CLI may be present. Missing runtime dependencies could cause fallback behaviors (printing/logging) or partial sends.
Credentials
The metadata declares no required env vars, but the code relies on CLAWDBOT_GATEWAY_TOKEN (credential), CLAWDBOT_GATEWAY_PORT and TELEGRAM_TARGET. TELEGRAM_TARGET defaults to a numeric ID '7590912486' in code — meaning messages will be delivered to that target if the user does not set TELEGRAM_TARGET. Asking for a gateway token and target is reasonable for a messaging skill, but failing to declare them in metadata and shipping a hard-coded default recipient is disproportionate and risky (potential accidental exfiltration of status content).
Persistence & Privilege
The skill does not request special platform privileges and always:false. It writes a local state file inside the skill directory (.task_status_state.json) and the logging script writes to an absolute path (C:/Users/Luffy/clawd/logs). Those files persist on disk and may contain message content; the skill also spawns background threads while running. There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill appears to implement the stated feature (periodic status messages) but contains a few red flags you should address before using it:
- Required secrets are not declared: the scripts look for CLAWDBOT_GATEWAY_TOKEN and CLAWDBOT_GATEWAY_PORT and a TELEGRAM_TARGET. Set these deliberately; the skill will not prompt for them. Treat CLAWDBOT_GATEWAY_TOKEN as a secret.
- Hard-coded default recipient: TELEGRAM_TARGET defaults to '7590912486' in the code. If you run the scripts without setting TELEGRAM_TARGET, status messages (including any sensitive 'details') could be sent to that ID. Change or remove the default recipient before running.
- Local logging and state files: send_status_with_logging writes message logs to C:/Users/Luffy/clawd/logs and the monitor writes .task_status_state.json in the skill tree. If you care about local privacy or are not on Windows, modify LOG_DIR and the state path to a suitable location or disable logging.
- Dependencies and runtime behavior: the scripts use a WebSocket client (websocket.create_connection) and may call a 'clawdbot' CLI. Ensure you have the correct Python websocket package installed and verify the clawdbot CLI behavior in a test environment.
Recommendations before installing or running:
1. Inspect and (preferably) remove or change the hard-coded TELEGRAM_TARGET default.
2. Declare and securely set CLAWDBOT_GATEWAY_TOKEN and TELEGRAM_TARGET in your environment; verify what the token allows.
3. Change the LOG_DIR path to a directory you control, or disable the logging script if you don't want messages persisted.
4. Run the scripts in a safe test environment and confirm messages go only to destinations you expect (and that no sensitive content is emitted).
5. If you intend to use this with Clawdbot, review Clawdbot gateway docs to confirm the handshake/permissions for the token.
Given these mismatches (missing metadata for env vars, hard-coded recipient, and disk logging), proceed with caution — these are likely oversights but could lead to unintended disclosure if left unmodified.Like a lobster shell, security has layers — review code before you run it.
latestvk97f3gdjthbg5937r1s6785g01801e82
License
MIT-0
Free to use, modify, and redistribute. No attribution required.