Task Dispatcher

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its task-orchestration purpose, but its included cleanup policy could automatically delete broad local files without confirmation.

Review or disable the cleanup configuration before use. Keep subagent dispatch and scheduling enabled only with clear approval rules, and do not provide sensitive files or secrets unless you intend them to be shared with the relevant subagents.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent follows this configuration, it could remove local project files or configuration files without a clear user approval step.

Why it was flagged

The cleanup policy is enabled automatically, disables dry-run, includes broad recursive patterns covering local env and test files, and disables confirmation for delete actions.

Skill content

cleanup_on_start: true ... cleanup_on_complete: true ... cleanup_on_error: true ... dry_run: false ... - "**/.env.local" ... - "**/*.test.js" ... - "**/*.spec.js" ... action: "delete" ... require_confirmation: false

Recommendation

Disable automatic cleanup by default, set dry_run to true, require confirmation, and scope deletion only to a skill-owned temporary directory with explicit user approval.

What this means

Sensitive task details or file paths may be visible to spawned subagents when this dispatcher coordinates work.

Why it was flagged

The skill is explicitly designed to pass full task context and reference paths to subagents; this is purpose-aligned but expands where task information may be shared.

Skill content
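
Use the `subagents` tool to dispatch tasks ... On every dispatch, make sure to carry the full context: task goal, relevant background information, reference material paths, success criteria
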
Recommendation

Use the dispatcher only for tasks where sharing the relevant context with subagents is acceptable, and avoid including secrets or unnecessary private files.

What this means

If connected to an external scheduler, tasks could run automatically according to that scheduler’s triggers.

Why it was flagged

The skill contemplates scheduled or heartbeat-triggered use; this is disclosed and purpose-aligned, but users should notice that it may be used outside direct interactive prompts.

Skill content

Applies to: (1) tasks issued directly by the user (2) tasks triggered by cron/heartbeat (3) any work that requires multi-step processing

Recommendation

Only enable cron or heartbeat use with explicit schedules, logging, and approval boundaries for high-impact actions.