Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Work Progress

v4.0.6

Work progress check skill - periodic to-do checks + sub-agent timeout/disappearance detection and automatic recovery + full session monitoring

by c32 @amd5

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for amd5/work-progress.

Install the skill "Work Progress" (amd5/work-progress) from ClawHub.
Skill page: https://clawhub.ai/amd5/work-progress
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install work-progress

ClawHub CLI


npx clawhub@latest install work-progress

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description (monitor tasks, detect timeouts, auto-recover, session monitoring) match the provided scripts (check-progress.js, auto-recover.js, work-monitor.js). Functionality implemented (state tracking, todo checks, reporting, recovery suggestions) is coherent with the stated purpose.
Instruction Scope
Runtime scripts read and write files under HOME/.openclaw/workspace (state.json, memory/error.md, memory/daily/*.md) and expect to call the 'openclaw' CLI to list sessions. That behavior is consistent with a monitoring skill, but SKILL.md and registry metadata do not declare these config paths or the dependency on the 'openclaw' binary—an omission that should be corrected/confirmed.
Install Mechanism
No network downloads or external install steps. The included install.js only creates expected workspace directories. No remote code fetch or archive extraction is present.
Credentials
The scripts rely on an external binary 'openclaw' (invoked via execSync) and on process.env.HOME to access ~/.openclaw/workspace, but the skill metadata declares no required binaries or config paths and lists no credentials. The missing declaration of the runtime dependency (openclaw CLI) and of filesystem paths is a proportionality/packaging mismatch that could cause unexpected failures or privilege surprises at runtime.
Persistence & Privilege
The skill writes/updates files inside the agent workspace (state.json, memory/error.md, created memory/daily and weekly folders). This is expected for a monitoring skill and 'always' is false. It does not request system-wide or other-skill configuration changes.
What to consider before installing
This package implements the described monitoring features, but two things to confirm before installing: (1) It calls the local 'openclaw' CLI (execSync('openclaw ...')) but the skill metadata does not declare that binary as required—ensure you have a trusted openclaw binary on PATH. (2) It reads and writes files under ~/.openclaw/workspace (state.json, memory/error.md, memory/daily/*). If you install, review and back up those directories and check file permissions; the skill will append to error.md and persist state.json. The code does not call external network endpoints, but it uses child_process execSync — if you modify this skill or accept a tampered copy, that could run arbitrary commands. If you proceed, consider running the scripts in --dry-run or --json modes first, inspect the output, and confirm the cron entries and install steps manually.
scripts/check-progress.js:46
Shell command execution detected (child_process).
scripts/work-monitor.js:49
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.


latest: vk974fzct668pmzazqx2xqb6f7x84t100
341 downloads
0 stars
12 versions
Updated 9h ago
v4.0.6
MIT-0

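Work Progress Skill - work progress check skill

Version: 4.0.6
Created: 2026-03-11
Updated: 2026-04-14
Author: c32


📋 Skill Description

Periodically checks work progress and the completion status of to-do items, and proactively detects sub-agent tasks that have timed out or disappeared and recovers them automatically.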


📂 File Structure

skills/work-progress/
├── SKILL.md                      # This file
├── skill.json                    # Skill metadata (v4.0.2)
├── _meta.json                    # ClawHub metadata
├── .clawhub/
│   └── origin.json               # Origin information
├── state.json                    # Persisted task state (maintained automatically)
└── scripts/
    ├── check-progress.js         # Progress check (Node.js)
    ├── auto-recover.js           # Auto-recovery (Node.js)
    ├── work-monitor.js           # Full session monitoring (Node.js)
    └── install.js                # Install script

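🎯 Features

check-progress.js - Progress check

  • State sync: discover/register sub-agent tasks
  • Progress check: timeout detection
  • To-do items: check the daily files
  • Terminal-state GC: automatically clean up completed tasks (5-minute grace period)

auto-recover.js - Auto-recovery

  • Check for timed-out/disappeared/failed tasks
  • Record them in error.md
  • Suggest recovery actions

work-monitor.js - Full session monitoring

  • Scan the active sessions of all Agents
  • Detect timed-out/stuck/failed sessions
  • Output a structured monitoring report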

📊 Cron Jobs

Task                    Frequency   Job ID
Work progress check     10m         6a4bde16
Full work monitoring    5m          98f5a84a

🔄 State Machine

pending → running → completed/failed/disappeared → notified → GC

Skill location: ~/.openclaw/workspace/skills/work-progress/
