Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Task Tracker Pro
v1.0.2持久化任务管理:拆解步骤、追踪进度、中断恢复、多Agent协作。 触发场景: - 收到需要多步骤执行的任务("帮我做XX"、"搞一个XX") - 新对话/会话启动时自动检查未完成任务 - 用户问"任务进度"、"做到哪了"、"继续上次的" - 用户说"建个任务"、"拆解一下"、"规划一下步骤" 核心理念:不信任对话...
⭐ 0· 360·2 current·2 all-time
by@yurio99
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description claim persistent task tracking; SKILL.md only requires creating, reading, updating, and moving Markdown files under ~/.openclaw/workspace/tasks — this is coherent. However the instruction to '执行该步骤的实际工作' is underspecified and could justify additional capabilities (network calls, shell actions) not explicitly declared.
Instruction Scope
Instructions explicitly read/write files in ~/.openclaw/workspace/tasks/, move files to tasks/done/, and run a simple ls on startup — all consistent with persistence. But the runtime guidance grants broad discretion ('execute the actual work' for each step, '记录执行日志') without limiting which system resources, external endpoints, or commands may be used; that ambiguity could allow the agent to access other files, call APIs, or run shell commands beyond what a user expects.
Install Mechanism
Instruction-only skill with no install spec and no bundled code — lowest install risk (nothing downloaded or written by an installer).
Credentials
Skill requests no environment variables, no credentials, and no config paths beyond its own workspace directory. That is proportionate to its stated purpose.
Persistence & Privilege
Does not set always:true and does not modify other skills or system-wide configs. It will create and update files in the user's OpenClaw workspace, which is expected for a persistence-focused skill; autonomous invocation is allowed by platform default but is not elevated here.
What to consider before installing
This skill appears to do what it says (persist task state to ~/.openclaw/workspace/tasks/) and asks for no credentials, which is good. However, the runtime instructions are vague about what '执行该步骤的实际工作' means — an agent following this could perform arbitrary actions (network requests, shell commands, read other files) to complete steps. Before installing or enabling it: 1) Confirm how your agent runtime restricts file and network access; run the skill in a sandbox if possible. 2) Inspect any created task files regularly and set filesystem permissions for ~/.openclaw/workspace/tasks. 3) If you want tighter control, ask for a version of the skill that explicitly limits allowed actions (e.g., only local edits to task files, no external network calls) or require explicit user confirmation before performing non-file operations. 4) Monitor logs for unexpected outbound requests. These precautions reduce the risk that vague 'do the work' instructions are used to perform unwanted operations.Like a lobster shell, security has layers — review code before you run it.
latestvk978dtmkbzxwkym6revjtqa6zn83pr5r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.