ClawHub

durable-task-runner

v0.1.6

Run long-running, multi-step work in OpenClaw without losing it to resets: durable state, progress updates, smart 'continue this' recovery, verification befo...

0· 257·1 current·1 all-time
by@wonko6x9
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included artifacts: many Python helper scripts, docs, and a SKILL.md that instruct the agent to create and manage durable task snapshots under state/tasks/. No unrelated cloud credentials, system-level installs, or opaque endpoints are declared. The optional OpenClaw delivery path mentioned in README/SKILL.md explains why the code might send messages, and that aligns with the product purpose.
Instruction Scope
SKILL.md confines runtime behavior to creating/updating files under state/tasks/, using the bundled scripts (e.g., scripts/task_ctl.py, scripts/task_continue.py, scripts/task_resume_*), and optionally installing a user cron entry. It explicitly warns not to use task state for secrets and recommends safe modes (stdout/noop/log-only). The instructions do not direct reading random system files or exfiltrating arbitrary data.
Install Mechanism
There is no install spec (instruction-only skill) and no network download/install step. All code is bundled in the package. The only installer-like behavior is an optional local cron helper (scripts/task_install_tick_cron.sh) that, if applied, modifies the current user's crontab — this is visible and opt-in.
Credentials
The skill requires no environment variables or credentials in its metadata. The docs note that OpenClaw runtime/auth is required only for live delivery; that's reasonable and proportional. It's worth noting the package does not declare or request OpenClaw credentials explicitly — live delivery will depend on whatever OpenClaw auth the runtime already provides.
Persistence & Privilege
The skill writes persistent task state under state/tasks/ and provides an optional current-user cron installer. always is false and the skill is user-invocable (normal). These write actions are proportional to a durable-runner's purpose, but users should be aware the package will create/modify files and (only if you run the helper) the user's crontab.
Assessment
This package appears internally consistent with its stated goal of local durable task orchestration, but before running it: (1) inspect the main scripts (scripts/task_ctl.py, scripts/task_continue.py, scripts/task_resume_bootstrap.py, scripts/task_resume_apply.py, scripts/task_subagent_*.py and scripts/task_install_tick_cron.sh) to confirm there are no surprising network endpoints or commands you don't expect; (2) do not run the cron installer (--apply) unless you want a visible current-user crontab entry; (3) avoid placing secrets in state/tasks/ (the README/SKILL.md already warns about this); (4) prefer delivery modes like stdout/noop/log-only until you confirm OpenClaw messaging behavior is acceptable in your environment; and (5) run the tools as a non-privileged user or in an isolated environment if you want extra caution. If you want a deeper check, share specific script files you'd like reviewed line-by-line or run a local static scan for external hosts/ subprocess executions.

Like a lobster shell, security has layers — review code before you run it.

latestvk979xbctj31s434zptpz51mexh840gpb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments