← Back to Skills Marketplace
Task Engine
by
Rongze Gao
· GitHub ↗
· v1.0.0
401
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install task-engine
Description
Multi-agent task orchestration engine with state machine tracking. Use when complex multi-step projects need automated monitoring, multi-agent collaboration,...
Usage Guidance
This skill appears to be what it claims: a local, file-backed multi-agent task engine. Before installing or enabling it: 1) Verify where the skill files will be placed and update SKILL.md hard-coded paths to your environment (the examples use /home/zeron/...). 2) Back up your heartbeat script and test the heartbeat integration in a sandbox before adding the import snippet—the snippet will cause the skill to run every heartbeat and can change index.json/task files. 3) Inspect config/settings.yaml (guild_id, human_user_id, agent workspace roots) and remove or adjust any values you don't want used; the skill does not include Discord tokens, but it formats messages that your agent (Eva) will send via platform tools. 4) Run the bundled tests (pytest) in an isolated workspace to confirm behavior. 5) If you are uncomfortable with periodic autonomous execution, do not modify the heartbeat and invoke the CLI manually instead.
Capability Analysis
Type: OpenClaw Skill
Name: task-engine
Version: 1.0.0
The skill is classified as suspicious due to a critical prompt injection vulnerability. The `scripts/engine/dispatcher.py` module's `generate_dispatch_prompt` function constructs prompts for other AI agents (e.g., Claude Code) by directly embedding user-supplied `title` and `description` fields from task and subtask definitions. An attacker with the ability to create or dispatch tasks could inject malicious instructions into these fields, which would then be executed by the downstream agent, potentially leading to unauthorized actions, data exfiltration, or arbitrary command execution. While the skill's stated purpose is benign, this flaw represents a significant security risk.
Capability Assessment
Purpose & Capability
Name/description match the included code: a state-machine task engine, dispatcher, heartbeat checker, and Discord-formatting helpers. The files and CLI commands align with the stated orchestration/heartbeat/Discord-notify purpose. There are no unrelated credentials or external services demanded by the skill.
Instruction Scope
SKILL.md instructs running commands from a hard-coded skill root (/home/zeron/...) and to add a snippet into the system heartbeat to import the skill's checker module. The runtime instructions read and write workspace tasks (index.json, task directories) and update task files — which is expected for this tool — but the heartbeat modification gives the skill periodic execution and requires editing system code; follow-up: ensure the paths are correct for your environment and back up heartbeat code before changing it.
Install Mechanism
There is no external installer or download; source files are bundled with the skill. No remote URLs, package installs, or archive extraction are used. This is low-risk from an install mechanism perspective, though the registry metadata calling it 'instruction-only' while many code files are present is an implementation detail to verify.
Credentials
The skill declares no required environment variables or credentials. It reads local config/settings.yaml (which may contain guild_id/human_user_id but not tokens) and the workspace/tasks directory. No secrets are requested or referenced in the files provided. This access is proportional to a tool that manages local task files and notifies via the agent platform.
Persistence & Privilege
always:false (good). However the SKILL.md explicitly asks the operator to modify the system heartbeat to call check_all_tasks, which—once done—gives the skill repeated autonomous execution by the orchestrator. Autonomous invocation is expected for skills, but you should be aware that installing the heartbeat hook will allow the skill to run periodically and modify tasks/index.json without further manual invocation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install task-engine - After installation, invoke the skill by name or use
/task-engine - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: multi-agent task orchestration with state machine (8 states), heartbeat checker, Discord formatter, agent dispatcher, 124 tests
Metadata
Frequently Asked Questions
What is Task Engine?
Multi-agent task orchestration engine with state machine tracking. Use when complex multi-step projects need automated monitoring, multi-agent collaboration,... It is an AI Agent Skill for Claude Code / OpenClaw, with 401 downloads so far.
How do I install Task Engine?
Run "/install task-engine" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Task Engine free?
Yes, Task Engine is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Task Engine support?
Task Engine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Task Engine?
It is built and maintained by Rongze Gao (@zeron-g); the current version is v1.0.0.
More Skills