Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Task Dispatcher

v1.0.0

Intelligent task dispatching and subagent coordination hub. When a user submits any task, it performs requirements analysis, task decomposition and dispatch-strategy planning, dispatches the pieces to suitable subagents for execution, monitors progress with stage-by-stage reports, and finally aggregates the results. On failure it falls back automatically. Applies to: (1) tasks issued directly by the user, (2) tasks triggered by cron/heartbeat, (3) any work that requires multi-step processing.

0 · 420 · 7 current · 7 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (task dispatching, subagent orchestration) align with the provided assets: SKILL.md plus multiple pipeline/agent/budget/review configs. The declared requirements (no binaries, no env vars) are plausible for an instruction-only orchestration skill.
Instruction Scope
SKILL.md instructs the agent to analyze the request, split it into subtasks, show the plan to the user, and then call a 'subagents' tool to spawn or list agents. However, the included configs (cleanup.yaml, budget/deadloop protection, pipelines) imply automatic cleanup and file-deletion behavior (cleanup_on_start: true, cleanup_on_complete: true, cleanup_rules with action: delete, and require_confirmation: false). That conflicts with SKILL.md's repeated requirement to present the task plan and wait for user confirmation, and creates a risk that the skill could perform deletions or other system actions without any explicit, user-visible prompt. The configs also reference local filesystem paths (e.g., /Users/xiaotiac/...) and glob patterns that could cause scanning or deletion of host files if they were ever acted upon.
Install Mechanism
Instruction-only skill with no install spec and no code files; lowest install risk. There is no download/execute/install mechanism included in the package.
Credentials
The package declares no required environment variables or credentials, which is reasonable for an instruction-only skill. However, some configuration files reference external endpoints or values (e.g., ${SLACK_WEBHOOK_URL} in review.yaml) and include role/emergency settings that assume admin privileges. There are also hard-coded, user-specific paths and patterns in cleanup.yaml and in the whitelist/blacklist that are unrelated to the skill's stated purpose and could lead to unexpected host-file access if the orchestration were to act on them.
Persistence & Privilege
always: false (no forced always-on). The skill is intended to be the central coordinator ('唯一入口', i.e., the sole entry point) and can be invoked autonomously (platform default), which is expected for a dispatcher; combined with config files that permit automatic cleanup and deletions, autonomous invocation increases the potential impact of a mistake. The package itself does not request to modify other skills or system-wide settings.
What to consider before installing
Before installing or enabling this skill:
1) Confirm whether your runtime provides a 'subagents' tool and what that tool is allowed to do.
2) Ask the author to clarify or patch cleanup.yaml: set require_confirmation: true, disable cleanup_on_start, and remove any rules that delete arbitrary host files.
3) Remove or parameterize hard-coded absolute paths (e.g., /Users/xiaotiac/...) to avoid accidental access to user directories.
4) Verify that the skill will not read or act on host filesystem paths, environment variables, or webhooks unless you explicitly configure them; if Slack/email/webhook placeholders are used, ensure no secrets are read automatically.
5) Test the skill in a restricted sandbox or non-production account with monitoring and logging enabled, and watch especially for filesystem and network actions.
6) If you plan to allow autonomous runs, require explicit confirmation for HIGH/CRITICAL actions and keep audit logs of any auto-abort or auto-delete actions.
These checks reduce the risk that the dispatcher executes destructive cleanup or accesses unintended files.
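The checks in steps 2 through 4 can be automated before the skill is ever enabled. The following is an added example (not part of the ClawHub listing or of the Task Dispatcher skill) of a small pre-install audit that takes a parsed cleanup config and reports the settings the scan objects to: cleanup that runs before a plan is shown, destructive rules without a confirmation gate, absolute paths into a user's home directory, and ${VAR} placeholders the skill never declared. It assumes the key names the scan quotes (cleanup_on_start, cleanup_on_complete, require_confirmation, cleanup_rules with an action field); the two configs below are constructed to mirror the flagged shape and a hardened version, not copies of the real files, and in practice you would load the YAML with yaml.safe_load() instead.

```python
"""Pre-install audit for a skill package's cleanup/automation config.

Added example, not code from the listing or the skill. Assumes the key names
the scan report quotes; real configs would be parsed with yaml.safe_load().
"""
import re
from typing import Any, Iterator, List, Tuple

# Absolute paths into a specific user's home directory (hard-coded, non-portable).
USER_HOME_PATH = re.compile(r"^/(Users|home)/[^/\s]+")
# ${VAR} placeholders an orchestrator might silently resolve from the environment.
ENV_PLACEHOLDER = re.compile(r"\$\{([A-Z0-9_]+)\}")
# Rule actions treated as destructive (assumed vocabulary for this example).
DESTRUCTIVE_ACTIONS = {"delete", "rm", "remove", "purge"}


def _walk(node: Any, path: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (dotted_path, value) for every leaf in a nested dict/list."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")
    else:
        yield path, node


def audit_cleanup_config(cfg: dict) -> List[str]:
    """Return human-readable findings; an empty list means nothing risky was found."""
    findings: List[str] = []
    if cfg.get("cleanup_on_start") is True:
        findings.append("cleanup_on_start is true: files may be removed before any plan is shown")
    if cfg.get("cleanup_on_complete") is True and cfg.get("require_confirmation") is not True:
        findings.append("cleanup_on_complete runs without require_confirmation")
    if cfg.get("require_confirmation") is False:
        findings.append("require_confirmation is false: destructive actions need no user-visible prompt")
    for index, rule in enumerate(cfg.get("cleanup_rules") or []):
        if not isinstance(rule, dict):
            continue
        action = str(rule.get("action", "")).lower()
        if action in DESTRUCTIVE_ACTIONS:
            target = rule.get("path", "<unspecified>")
            findings.append(f"cleanup_rules[{index}] uses destructive action '{action}' on {target}")
    # Scan every string leaf for hard-coded home paths and undeclared env placeholders.
    for path, value in _walk(cfg):
        if not isinstance(value, str):
            continue
        if USER_HOME_PATH.match(value):
            findings.append(f"{path} hard-codes a user home path: {value}")
        for var in ENV_PLACEHOLDER.findall(value):
            findings.append(f"{path} references environment variable ${{{var}}} not declared by the skill")
    return findings


# Constructed sample mirroring the settings the scan flags (not the real cleanup.yaml).
RISKY_CONFIG = {
    "cleanup_on_start": True,
    "cleanup_on_complete": True,
    "require_confirmation": False,
    "cleanup_rules": [
        {"path": "/Users/example/workspace/tmp/*", "action": "delete"},
    ],
    "notify": {"slack": "${SLACK_WEBHOOK_URL}"},
}

# The same config with the scan's recommendations applied: no cleanup on start,
# confirmation required, a relative path, a report-only action, and the webhook
# left for the operator to configure explicitly rather than embedded as a placeholder.
HARDENED_CONFIG = {
    "cleanup_on_start": False,
    "cleanup_on_complete": True,
    "require_confirmation": True,
    "cleanup_rules": [
        {"path": "tmp/*", "action": "list"},
    ],
}


if __name__ == "__main__":
    for name, cfg in (("risky", RISKY_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = audit_cleanup_config(cfg)
        print(f"{name}: {len(found)} finding(s)")
        for finding in found:
            print("  -", finding)
```

Run it against each YAML file in the package after loading it with yaml.safe_load(); any non-empty result is something to raise with the author before the skill is allowed to run autonomously. The env-placeholder finding is deliberately a review item rather than a hard failure, since an operator may have configured that variable on purpose.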


latest: vk975wnedzgajj4ansb529w2ag182hwgk
