progress-selfcheck
Warn. Audited by ClawScan on May 18, 2026.
Overview
This skill mostly matches its advertised purpose, but it can repeatedly run stored local task commands on a silent schedule with weak safeguards.
Install only if you want recurring background progress automation. Before enabling the cron job, review or disable auto-reactivation, avoid `auto=true` for broad commands, verify the Feishu target, and periodically inspect the task ledger for unexpected `next` commands.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a task’s stored command is unsafe, stale, or poisoned, the skill can run local programs that modify files, start processes, or perform other actions without a new prompt.
Stale tasks marked `auto=true` execute a stored command. The guard is only a small external-action substring blocklist, not an allowlist or fresh user approval.
parts = shlex.split(next_cmd) ... res = subprocess.run(parts, cwd=str(Path.cwd()), ...); ... next_cmd = t.get("next") or "" ... rc, msg = run_local(next_cmd)
Disable auto-reactivation by default, require explicit approval before each stored command runs, and restrict `next` to a reviewed allowlist of safe scripts or commands.
After installation, the automation may continue acting in the background during scheduled hours, including running eligible stored task commands.
The provided cron snippet runs the skill repeatedly and silently. In this skill, the self-check flow can trigger stale-task reactivation.
"expr": "*/15 8-23 * * *" ... "message": "RUN_LOCAL_JOB: progress selfcheck (python skills/progress-selfcheck-skill/scripts/progress_selfcheck_and_send.py --limit 5)" ... "enabled": true ... "delivery": {"mode": "silent"}
Only merge the cron job if you want background automation; consider setting it disabled initially, using visible delivery, and reviewing logs after each run.
A bad or outdated ledger entry can persist across sessions and later cause unintended command execution or misleading task status updates.
The task ledger persistently stores commands and auto-run flags under workspace memory; later reactivation logic trusts that stored state.
return mem / "active_tasks.jsonl" ... "next": args.next, "auto": args.auto, "repeatable": args.repeatable
Protect and regularly review the ledger file, avoid storing broad commands, and require explicit user confirmation when a persisted task becomes eligible for auto-reactivation.
Users may overestimate the safety of auto-reactivation and enable it for commands that can still damage or expose local data.
The documentation frames the feature as safe/local-only, but the implementation still permits arbitrary non-blocklisted local commands.
Auto-reactivation is **local-only**:
- blocks URLs and `openclaw message send`
Document the real boundary clearly: the current control is a limited blocklist. Add examples of unsafe commands and prefer allowlisted, reviewable actions.
Progress summaries will be sent using the selected Feishu account to the configured recipient.
The skill uses a configured Feishu account and target for notifications, which is expected for its purpose but should be consciously configured.
"feishu": { "enabled": true, "account": "main", "target": "user:ou_xxx_replace_me" }
Verify the Feishu account and target before enabling the cron job, and use a least-privileged or dedicated notification account if possible.
Local task and progress details may leave the OpenClaw workspace and appear in Feishu.
The generated self-check message is sent through the Feishu channel and may include task titles, task status, events, and cron alerts.
openclaw message send --channel feishu --account {account} --target {target} --message "$m"
Treat task titles, event notes, and `next` commands as information that may be shared with the configured Feishu recipient.
