Team Tasks
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is mostly a coherent multi-agent task tracker, but it hardcodes Telegram/agent session destinations and acknowledges missing guardrails for parallel shared-task coordination.
Install only if you intend to coordinate these exact trusted agents or can replace the hardcoded session keys with your own. Do not include secrets in task descriptions or results, keep the JSON data directory private, and avoid parallel multi-writer use until locking and approval safeguards are added.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private project goals, working directories, task details, and prior-stage outputs could be sent to unintended agent sessions or Telegram groups.
The skill directs the agent to send task messages to concrete Telegram-backed agent session keys, but the artifacts do not show user-specific configuration or verification of who controls those groups.
Dispatch agent: sessions_send(sessionKey="agent:<agent>:telegram:group:<id>", message=<task>) ... | code-agent | `agent:code-agent:telegram:group:-5189558203` |
Only use this with session keys you control; replace hardcoded group IDs with user-configured values and require confirmation before dispatching project content.
Worker agents may be dispatched or marked complete without plan approval, policy checks, or completion gates, increasing the chance of unsafe or unintended development actions.
The artifact itself notes missing governance features around a workflow meant to dispatch code/test/docs work to other agents.
Delegate mode ... Not implemented | High | No guardrails for lead behavior ... Plan approval workflow ... Not implemented | High | Missing governance loop ... Quality gates / hooks ... Not implemented | High | Missing policy enforcement points
Add explicit user approval for dispatch/completion, use restricted worker permissions, and require review before accepting code, test, documentation, or deployment-related outputs.
Parallel or multi-agent updates could corrupt task state, duplicate work, skip dependencies, or propagate incorrect status across the pipeline.
The skill coordinates multi-agent work through shared JSON task files, and its own gap analysis states that concurrent multi-writer safety is missing.
No locking primitives or claim workflow in script | High | Concurrency safety missing for multi-writer use
Use a single trusted coordinator for writes until file locking/atomic updates are implemented; avoid letting multiple agents update the JSON files directly.
Task descriptions, logs, and agent outputs may remain on disk after the workflow ends.
The skill persistently stores task state and results, which is expected for a task tracker but can retain sensitive project context.
Data stored as JSON in `/home/ubuntu/clawd/data/team-tasks/` (override with `TEAM_TASKS_DIR` env var)
Store data in a private directory, avoid putting secrets in task descriptions/results, and clean up old project files when no longer needed.
Users have less registry-level provenance for the included script and must rely on the provided artifact review/static scan.
The registry metadata does not provide source/homepage provenance or an install spec, even though a runnable helper script is included.
Source: unknown ... Homepage: none ... No install spec — this is an instruction-only skill ... 1 code file(s): scripts/task_manager.py
Verify the script source before use and prefer a skill version with declared provenance and installation details.
