Task Watchdog
PendingVirusTotal audit pending.
Overview
No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package could run plugin code that was not included in this review, so the clean static scan does not validate the actual runtime behavior.
The package declares a runtime plugin extension, but the provided file manifest includes no dist/ or src/ runtime code to review. This creates a provenance and review gap for code that would be loaded by the plugin.
"main": "./dist/index.mjs", ... "openclaw": { "extensions": ["./dist/index.mjs"] }Install only from a trusted publisher and verify the package contents include reviewable source or built runtime files before enabling it.
The agent may receive watchdog-generated prompts reminding it to check stalled tasks or respond to failures.
The skill is designed to add instructions or notifications into the agent’s context. This is disclosed and aligned with task monitoring, but it can affect the agent’s next actions.
"heartbeat_prompt_contribution": Injects stale-task patrol instructions into heartbeat cycles
Use the plugin only if you want these automatic reminders, and review or disable heartbeat/timer patrol settings if they are too intrusive.
If command errors contain sensitive details, short snippets could be shown to the parent session and used by the agent.
Notifications may include error or reason text from subagents or exec failures. The truncation is a mitigating control, but the text still becomes part of the parent session context.
"reason" and "error" fields truncated to 200 chars to prevent oversized notifications
Avoid printing secrets in command errors and verify the runtime implementation limits notification content as documented.
While enabled, the plugin may periodically trigger heartbeat checks during gateway operation.
The plugin starts automatically and enables timer-based patrol by default. This is disclosed and configurable, but it is persistent background behavior.
"activation": { "onStartup": true } ... "timerPatrol": { "type": "boolean", "default": true }Adjust timerPatrol, timerPatrolIntervalMs, or staleThresholdMs if the default background checks are not desired.