Task Watchdog
ReviewAudited by ClawScan on May 12, 2026.
Overview
Task Watchdog’s stated monitoring purpose is clear, but it declares an auto-starting plugin runtime that is not present in the reviewed files, so its actual behavior cannot be verified.
Before installing, verify the actual npm/plugin package contents and publisher trustworthiness, because the reviewed artifacts do not include the declared runtime code. If you proceed, be comfortable with startup activation, periodic watchdog checks, and automatic notification injection into sessions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package could run plugin code that was not included in this review, so the clean static scan does not validate the actual runtime behavior.
The package declares a runtime plugin extension, but the provided file manifest includes no dist/ or src/ runtime code to review. This creates a provenance and review gap for code that would be loaded by the plugin.
"main": "./dist/index.mjs", ... "openclaw": { "extensions": ["./dist/index.mjs"] }Install only from a trusted publisher and verify the package contents include reviewable source or built runtime files before enabling it.
The agent may receive watchdog-generated prompts reminding it to check stalled tasks or respond to failures.
The skill is designed to add instructions or notifications into the agent’s context. This is disclosed and aligned with task monitoring, but it can affect the agent’s next actions.
"heartbeat_prompt_contribution": Injects stale-task patrol instructions into heartbeat cycles
Use the plugin only if you want these automatic reminders, and review or disable heartbeat/timer patrol settings if they are too intrusive.
If command errors contain sensitive details, short snippets could be shown to the parent session and used by the agent.
Notifications may include error or reason text from subagents or exec failures. The truncation is a mitigating control, but the text still becomes part of the parent session context.
"reason" and "error" fields truncated to 200 chars to prevent oversized notifications
Avoid printing secrets in command errors and verify the runtime implementation limits notification content as documented.
While enabled, the plugin may periodically trigger heartbeat checks during gateway operation.
The plugin starts automatically and enables timer-based patrol by default. This is disclosed and configurable, but it is persistent background behavior.
"activation": { "onStartup": true } ... "timerPatrol": { "type": "boolean", "default": true }Adjust timerPatrol, timerPatrolIntervalMs, or staleThresholdMs if the default background checks are not desired.