agent-task-tracker
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: new-agent-task-tracker Version: 1.0.0 The skill is designed for proactive task state management, storing operational details in `memory/tasks.md`. It instructs the agent to record its own task status, background processes (including session ID, PID, server, and command), and progress updates. While recording commands could log sensitive information if the agent were compromised by another vector, this is a functional requirement for task tracking and not indicative of malicious intent by the skill itself. There are no instructions for data exfiltration, unauthorized network calls, persistence, or other harmful actions. The instructions are clear, focused on the stated purpose, and lack any prompt injection attempts to subvert the agent for malicious ends.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Task requests, progress notes, results, links, server names, and commands may remain available to future sessions even after the original chat context is gone.
The skill creates persistent task memory that is reread across sessions and may contain enough details to reconstruct prior work.
`memory/tasks.md` — single source of truth. ... `Session start` → read `memory/tasks.md` to resume awareness ... Include enough detail to resume without prior conversation context
Install only if you want persistent task memory. Periodically review memory/tasks.md and avoid storing secrets, tokens, private customer data, or sensitive commands in it.
The agent may spend effort maintaining the task file and may write task details before giving you a response.
The skill broadly changes the agent's normal workflow by making task-state writes automatic and prioritized before user-facing responses.
Use on EVERY task start, progress update, completion, or failure. ... Triggers automatically — not user-invoked. ... Update the file BEFORE reporting to user
Use this only if automatic task tracking is desired. If not, disable or avoid installing the skill.
It is less clear which package identity or version you are reviewing.
The included package metadata does not match the registry metadata, creating a provenance inconsistency even though the artifact is instruction-only.
Registry: Owner ID `kn754w8negkve53dntzhycyd0h82565k`, Slug `new-agent-task-tracker`, Version `1.0.0`; _meta.json: ownerId `kn7ehatb09fy589mr5be2jx1bh80pz4v`, slug `agent-task-tracker`, version `1.1.0`
Prefer installing a package whose registry metadata and embedded metadata match, or verify with the publisher before relying on it.