Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TESP
v1.0.3Enforce the Task Execution Signal Protocol for non-instant work so execution stays visible, staged, versioned, and auditable. Use when a task will take more...
⭐ 0· 63·0 current·0 all-time
by@wewehg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the instructions' intent (govern execution visibility and staging) and the skill requires no credentials or installs, which is proportionate. However, the protocol explicitly names a user-specific config path (/Users/weweclaw/.openclaw/workspace/TASK_QUEUE.md and TASK_ARCHIVE.md) even though the skill declares no required config paths — this is an inconsistency that could cause the agent to read/write arbitrary files in the user's home.
Instruction Scope
SKILL.md and references instruct the agent to create/update local task board files, enforce cadence, and rely on an 'existing audit cron' in the source workspace. Because this is an instruction-only skill, these are the exact runtime actions the agent will take: touching local files and looking for system-scheduled jobs. The skill does not declare or ask for permission for these filesystem or scheduling actions, and the hard-coded absolute path contains a specific username, which is unexpected and potentially intrusive.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing will be written to disk by an installer; runtime behavior is entirely driven by the instruction text.
Credentials
The skill declares no environment variables or credentials (appropriate for its stated purpose), but the instructions reference configuration paths and an existing 'light audit' cron that imply access to persistent workspace artifacts. Because these paths/configs are not declared in the metadata, there is a mismatch between declared and actual required local resources.
Persistence & Privilege
always:false and no autonomous-permission escalation are fine. But the skill's text implies there is a pre-existing daily audit cron in a 'source workspace' (tesp:light-audit). Since no code or install creates that cron, the statement is misleading — it may prompt the agent to search system cron entries or try to create one without explicit install instructions.
What to consider before installing
This skill appears to be what it says (a protocol to make long tasks visible) and doesn't request credentials or install anything — that's good. However, it hard-codes a user-specific file path (/Users/weweclaw/.openclaw/workspace/...) and claims a daily audit cron exists even though no install or code is included. Before installing or invoking it: 1) confirm or change the task-board path to a location you control (or require explicit permission to read/write); 2) ask the skill author to remove hard-coded usernames and to make any cron/scheduling opt-in with clear install steps; 3) test in an isolated workspace so you can see what files the agent creates/updates; and 4) if you don't want the agent touching your filesystem, do not grant it file access or adjust the protocol to use ephemeral or explicit user-provided storage. These inconsistencies are not proof of malicious intent but are enough to warrant caution.Like a lobster shell, security has layers — review code before you run it.
governancevk97c9symyxtk7kqm05eafwa69184frhxlatestvk97c9symyxtk7kqm05eafwa69184frhxprotocolvk97c9symyxtk7kqm05eafwa69184frhxworkflowvk97c9symyxtk7kqm05eafwa69184frhx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.