← Back to Skills Marketplace
618
Downloads
2
Stars
2
Active Installs
12
Versions
Install in OpenClaw
/install task-specialist
Description
A robust, local SQLite-backed task management system designed to elevate your AI agent's project execution. Excellent for both simple tasks and large multi-s...
Usage Guidance
This skill appears to be what it claims: a local, SQLite-backed task CLI implemented in bundled Bash scripts. Before installing, consider these practical steps: 1) Run install.sh from a project/workspace directory (it creates $PWD/.tasks.db) so data stays scoped to that project. 2) Do not put secrets (API keys, passwords) into task notes — notes and exports (--json) will include whatever you store and are easy to read by other agents or scripts. 3) If you do not want a persistent CLI on your system, skip the --symlink option when running install.sh. 4) Review any verification_cmd strings stored in tasks before running them manually — the skill prints them but does not auto-execute them. 5) Limit filesystem permissions on .tasks.db (e.g., chmod 600) if the DB will contain sensitive context. 6) If you plan to spawn Subagents, only do so to agents/processes you trust, since they will be able to read/write the same workspace DB and notes. If you want, audit the bundled scripts locally (they are plain Bash) to confirm they meet your security expectations.
Capability Analysis
Type: OpenClaw Skill
Name: task-specialist
Version: 2.1.0
The Task-Specialist bundle is a robust local task management system using SQLite and Bash. The code demonstrates high security awareness, utilizing strict integer validation (require_int) and string escaping to prevent SQL injection. Notably, the 'verification_cmd' feature in cmd_complete.sh explicitly avoids auto-execution (RCE prevention), instead printing the command for manual verification. The swarm orchestration logic is well-documented in SKILL.md and implemented using safe atomic SQL operations without any evidence of data exfiltration, unauthorized persistence, or malicious prompt injection.
Capability Assessment
Purpose & Capability
Name/description (local SQLite task manager) matches required binaries (sqlite3, bash), the included scripts, and the SKILL.md guidance. The files implement a CLI that manipulates a local $PWD/.tasks.db as described — nothing requested is disproportionate to a local task manager.
Instruction Scope
SKILL.md instructs agents to install and use the local CLI and to spawn Subagents (sessions_spawn) that read the workspace DB ($PWD/.tasks.db) and use 'task claim'/'task complete'. That is coherent for a Swarm orchestration use-case, but it means any spawned worker with access to the workspace can read/write all task notes and metadata. The skill explicitly warns not to store API keys in notes and disables auto-execution of verification_cmd, which reduces RCE risk. Still: notes and DB exports can contain arbitrary text (URLs, file paths, error messages) and therefore are a potential leakage vector if other agents or processes are untrusted.
Install Mechanism
There is no network download or external package install: install.sh is bundled and run locally, creates the DB, marks scripts executable, and optionally symlinks into ~/.local/bin. No external URLs, no archive extraction, and no automatic remote code fetches were found.
Credentials
The skill declares no required environment variables or credentials. It optionally honors TASK_DB to override the DB path. It does not require unrelated credentials or access to system config. The feature set (notes, exports) can expose sensitive content if the user places secrets there — the SKILL.md warns against that, and the code avoids sending data externally.
Persistence & Privilege
The skill is not force-included (always: false) and does not request elevated platform privileges. Symlinking into ~/.local/bin is optional and opt-in. The skill does not modify other skills' configurations or system-wide settings beyond optional user-controlled symlinks.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install task-specialist - After installation, invoke the skill by name or use
/task-specialist - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
Added Due Dates, Assignees, Tags, Unblock, and Restart. Security constraint for verify_cmd execution.
v2.0.1
- Added a warning to never store API keys or secrets in task notes; recommend using secure local environment variables.
- Clarified that task notes are for URLs, file paths, or error codes (removing API key examples).
- Updated Swarm Orchestrator Guide notes section to reference git SHAs instead of API keys.
- Modified the Subagent completion process: tasks with checkpoint validations now print the verification command for manual execution, rather than running automatically.
- Improved documentation accuracy and security guidance regarding context persistence.
v2.0.0
Version 2.0.0 introduces parallel "Swarm" agent support and new atomic commands:
- Added `task claim` for atomic, race-condition-free task assignment—enabling safe parallel agent execution.
- Implemented Kanban-style `task board` for live visual workflow monitoring.
- New `task note` command allows agents to persist context, logs, or critical runtime data directly to tasks.
- Enhanced multi-agent orchestration and subagent guidance in documentation, including agent-specific best practices.
- Support for verification checkpoints—tasks can require a shell command to pass before permitting completion.
- Expanded CLI and agent principles to avoid race conditions in collaborative/parallel task flows.
v1.2.2
Resolved high-confidence 'Suspicious' flag: Aligned task-heartbeat.sh with the workspace-scoped database architecture (/home/oboda/Projects/Task-Specialist Skill/.tasks.db).
v1.2.1
CRITICAL: Fixed data loss bug where tasks.db was wiped on updates. Tasks are now natively workspace-scoped ($PWD/.tasks.db) for per-project isolation.
v1.2.0
Major architecture refactor to split CLI into modular components. Bypasses ClawHub analyzer file size limits. Added 'task edit' and 'task export' functions.
v1.1.5
Made ~/.local/bin symlinking strictly opt-in via --symlink flag during install to address filesystem modification feedback.
v1.1.4
Minified task.sh script to fix ClawHub file truncation limit during scanner review.
v1.1.3
Fixed critical SQL injection vulnerability in task-heartbeat.sh missing input validation.
v1.1.2
Security hardening: integer-only ID validation, status whitelist, date format enforcement, temp-file SQL delivery to prevent injection.
v1.1.1
Security refinement: Removed intrusive onboarding and moderated research directives.
v1.1.0
Initial public release v1.1.0
Metadata
Frequently Asked Questions
What is Task Specialist?
A robust, local SQLite-backed task management system designed to elevate your AI agent's project execution. Excellent for both simple tasks and large multi-s... It is an AI Agent Skill for Claude Code / OpenClaw, with 618 downloads so far.
How do I install Task Specialist?
Run "/install task-specialist" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Task Specialist free?
Yes, Task Specialist is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Task Specialist support?
Task Specialist is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Task Specialist?
It is built and maintained by OBODA (@oboda0); the current version is v2.1.0.
More Skills