← Back to Skills Marketplace
Task Router Skill
by
captmarbles
· GitHub ↗
· v1.0.0
855
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install task-router-skill
Description
Distributed task queue for OpenClaw multi-agent systems that routes tasks by capability, tracks lifecycle, coordinates async handoffs, rebalances load, and m...
Usage Guidance
This skill appears to implement a local task router and is internally consistent, but it leaves out important operational and security details. Before installing or using it in production, verify: (1) how agents authenticate and how registrations/heartbeats are authorized (prevent rogue agents from registering or stealing tasks); (2) the network transport used for agent communication and whether it uses TLS; (3) how notifications to external services (Discord, etc.) are configured and where secrets are stored; (4) who can run the 'task' CLI and whether file permissions on ~/.openclaw/task-router are restricted; (5) whether logs or task payloads may contain sensitive data and how they're protected. If the publisher cannot document agent auth, token handling, and runtime hosting, run the router in a sandboxed environment only and audit agent registrations and filesystem permissions.
Capability Analysis
Type: OpenClaw Skill
Name: task-router-skill
Version: 1.0.0
The skill is classified as suspicious due to several potential vulnerabilities, primarily related to prompt injection vectors and broad file system access, rather than clear malicious intent. The `HEARTBEAT.md` script uses `sessions_send` to notify other agents about task completion, including user-controlled `task.title` and `task.result` (a file path). This creates a potential prompt injection vector if a malicious actor crafts these inputs. Additionally, CLI commands like `task export` allow writing task data to arbitrary user-specified file paths, and `task result` allows viewing arbitrary result files, which could be abused for unauthorized file access or writes if input paths are not properly sanitized. While these capabilities are plausible for a task router, the lack of explicit input sanitization for user-controlled strings and paths presents significant security risks.
Capability Assessment
Purpose & Capability
Name, description, and the CLI/config examples align: a task router using a local filesystem layout (~/.openclaw/task-router) to track queues, agents, and tasks. There are no unrelated environment variables, binaries, or install steps requested that would contradict the stated purpose.
Instruction Scope
SKILL.md is an instruction-only spec that describes task lifecycle, CLI usage, and the config/queue layout but omits how agents authenticate or how the router is invoked/hosted. It also mentions external notification channels (e.g., Discord) without documenting required endpoints or secrets. Because it gives no constraints on who can register an agent or how heartbeats are authenticated, the instructions allow ambiguous agent registration and potential impersonation/unauthorized task consumption.
Install Mechanism
There is no install spec and no code files — lowest-risk delivery model. The doc references a 'clawhub install task-router' step, which is an expected convenience instruction but not a downloaded install spec in the package. No archives or remote URLs are used by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a local, config-file–based router. However, the docs hint at external notification channels (Discord, etc.) and multi-agent heartbeats without specifying tokens, network endpoints, or authorization — either those integrations are intentionally omitted (benign), or the skill expects external secrets to be configured later (not documented). This lack of explicit credential handling is a gap worth clarifying.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill stores state under ~/.openclaw/task-router, which is scoped to the user's home and consistent with its function. It does not request system-wide config changes or other skills' credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install task-router-skill - After installation, invoke the skill by name or use
/task-router-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
task-router-skill 1.0.0
- Initial release of a distributed task queue and agent coordinator for OpenClaw multi-agent systems.
- Provides capability-based task routing, async handoffs, task lifecycle tracking, workload rebalancing, and dead letter handling.
- Includes CLI for task and agent management, as well as a TypeScript API for programmatic integration.
- Supports multi-step workflows, health monitoring, and robust agent management features.
- Configurable via YAML files for router settings, agent registry, and queue storage.
Metadata
Frequently Asked Questions
What is Task Router Skill?
Distributed task queue for OpenClaw multi-agent systems that routes tasks by capability, tracks lifecycle, coordinates async handoffs, rebalances load, and m... It is an AI Agent Skill for Claude Code / OpenClaw, with 855 downloads so far.
How do I install Task Router Skill?
Run "/install task-router-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Task Router Skill free?
Yes, Task Router Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Task Router Skill support?
Task Router Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Task Router Skill?
It is built and maintained by captmarbles (@capt-marbles); the current version is v1.0.0.
More Skills