← 返回 Skills 市场
结构化任务规划与分步执行 V2(异步子代理架构)
作者
scotthuang
· GitHub ↗
· v1.0.7
2286
总下载
4
收藏
12
当前安装
8
版本数
在 OpenClaw 中安装
/install stp
功能描述
结构化任务规划与分步执行 V2(异步子代理架构)。支持将每个步骤通过 session_spawn 创建子代理异步执行,主会话保持非阻塞。功能包括:步骤分解、子代理执行、子代理检验(LLM判断)、状态跟踪、Heartbeat 监控、任务中断。触发词:/stp、任务规划、步骤执行。
安全使用建议
This skill appears to do what it says: orchestrate asynchronous subagents, track status, and create heartbeat cron jobs. Before you run it: (1) review scripts/stp_orchestrator.py to confirm you understand what files it will read/write and how it determines subagent state; (2) be aware it reads platform session logs (~/.openclaw/agents/.../sessions.json and session jsonl files) — those may contain recent tool outputs or messages you consider sensitive; (3) note it will create cron jobs under your account for periodic heartbeat checks — ensure you're comfortable with that and know how to remove them (the skill provides interrupt commands); (4) address the small metadata mismatch (registry showed no required binaries while _meta.json lists 'openclaw'); (5) run first in a non-production or isolated environment if you want to observe behavior before trusting it with sensitive workflows.
功能分析
Type: OpenClaw Skill
Name: stp
Version: 1.0.7
The skill is classified as suspicious due to a critical shell injection vulnerability identified in the `SKILL.md` instructions. Specifically, the agent is instructed to extract a Process ID (`details.pid`) from a subagent's execution history (via `sessions_history`) and then directly use this value in a `kill <PID>` command. If a malicious subagent could manipulate its output to inject arbitrary commands into the `details.pid` field (e.g., `1; rm -rf /`), the main agent would execute these commands on the host system, leading to Remote Code Execution (RCE). While the intent is for cleanup, this lack of input sanitization for a value sourced from a potentially untrusted subagent constitutes a significant vulnerability. Other risky capabilities, such as executing user-provided prompts in subagents, are inherent to the skill's purpose and are mitigated by user confirmation and verification steps.
能力评估
Purpose & Capability
The skill claims to orchestrate step-by-step tasks using spawned subagents and its files/permissions (scripts that read session state, create task dirs, and spawn subagents) match that purpose. Note: _meta.json lists requiredBinaries: ["openclaw"] and permissions (read-sessions, cron, subagent-spawn) whereas the top-level registry block reported 'none' for required binaries/env — this is a minor metadata inconsistency to be aware of.
Instruction Scope
SKILL.md explicitly documents creating task directories under ~/.openclaw/workspace/tasks, saving plans, starting/stopping cron heartbeats, spawning subagents (sessions_spawn), and using sessions_history_sync to read session logs. Those actions are within the stated orchestration scope. The instructions do read platform session files (sessions.json and session jsonl files) to determine subagent state — this is expected for monitoring but grants access to session contents (see environment_proportionality).
Install Mechanism
No install spec is provided (instruction-only with included helper script). No external downloads or archive extraction are used. The risk surface is confined to the included Python script which will run under the user's environment when invoked.
Credentials
The skill requests no external credentials or environment variables, which aligns with its purpose. However, it reads platform-managed session files (e.g. ~/.openclaw/agents/.../sessions.json and referenced session jsonl files) and exposes truncated last_message contents when reporting — this is necessary for heartbeat and monitoring but means the skill can view recent session messages and tool call traces. If those session logs contain sensitive data, consider whether you want a skill with read-sessions permission to access them.
Persistence & Privilege
always is false (no forced inclusion). The skill creates and manages per-task directories and cron jobs for heartbeat monitoring and cleans them up on interrupt/completion. It does not attempt to modify other skills or system-wide agent settings beyond creating cron jobs and task files under the user's ~/.openclaw workspace.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stp - 安装完成后,直接呼叫该 Skill 的名称或使用
/stp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
stp 1.0.7
- Cron Job 添加 `--channel webchat` 参数,避免执行时报错
- task_step 输出清理信息:任务完成或中断时,在 `task_steps.md` 中记录清理信息(时间、终止的子代理、删除的 cron、终止的进程)
v1.0.6
stp 1.0.6
- No code or documentation changes detected in this version.
- Behavior and features remain identical to the previous release.
v1.0.5
stp 1.0.5
- Removed the file: scripts/execute_task.py
- Documentation (SKILL.md) updated to add a new "计划书" global option: "任务完成后删除目录" (delete directory after task completion), with related user interaction options ("删除"/"清理") added to the confirmation step.
- No functional code changes except for the script removal.
v1.0.4
**STP 1.0.4 – Structured Task Planning V2: Async Subagent Architecture**
- Major upgrade to asynchronous subagent execution: each task step now runs via session_spawn as an isolated subagent, keeping main sessions non-blocking.
- Added orchestration script (stp_orchestrator.py) to manage task lifecycle: start tasks, monitor with heartbeat, check status, and support interruption/cleanup.
- Enhanced step tracking: each step records subagent IDs, run history, state (pending, running, verifying, completed), and timeout counters in task_steps.md.
- Automatic heartbeat monitoring via cron: tracks subagent status, detects stuck/idle states, and guides user recovery or interruption as needed.
- New task interruption and cleanup flow: auto-kills subagents and cleans up residual system processes when a task is manually terminated.
- Workflow, confirmation, and recovery logic thoroughly documented in new guide (MAIN_SESSION_GUIDE.md).
v1.0.3
**stp 1.0.3 Changelog**
- Added English description (description_en) to metadata for broader accessibility.
- No other functional or documentation changes.
v1.0.2
**Confirmation step is now required before task execution in all modes.**
- Added mandatory plan review and confirmation for both file mode and natural language mode. User must confirm the plan before execution can proceed.
- Clarified usage: both modes (Markdown file and natural language) support a displayed plan, require user confirmation, and support modification before running.
- Updated command-line interface documentation: file mode uses `--file/-f`, natural language mode uses `--nlp/-n`, with clear parameter priority and workflow.
- Improved comparison between modes and provided clearer examples for both user and Agent integration.
- No code changes—documentation only.
v1.0.1
- 添加 CHANGELOG.md 和 _meta.json 文件,完善项目元数据及变更记录。
- 移除 scripts/update_step.py 文件,简化脚本结构。
- SKILL.md 补充了路径变量说明,统一用变量指代关键目录,更易理解和维护文档。
- 其他核心功能和使用说明保持不变。
v1.0.0
- 新增“自然语言模式”:支持直接输入自然语言任务描述,自动拆解为标准计划书,并循环确认后执行
- 文件模式与原流程兼容:仍可从 Markdown 任务文档加载,按步骤执行
- 计划书自动生成:自然语言模式下按规范生成 Markdown 文档并保存在统一目录
- 严格执行规则与日志记录:任务执行需严格按原定技术方案,日志包含完整命令和输出
- 引入快速失败策略:执行失败立即终止任务,记录详细原因
元数据
常见问题
结构化任务规划与分步执行 V2(异步子代理架构) 是什么?
结构化任务规划与分步执行 V2(异步子代理架构)。支持将每个步骤通过 session_spawn 创建子代理异步执行,主会话保持非阻塞。功能包括:步骤分解、子代理执行、子代理检验(LLM判断)、状态跟踪、Heartbeat 监控、任务中断。触发词:/stp、任务规划、步骤执行。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2286 次。
如何安装 结构化任务规划与分步执行 V2(异步子代理架构)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stp」即可一键安装,无需额外配置。
结构化任务规划与分步执行 V2(异步子代理架构) 是免费的吗?
是的,结构化任务规划与分步执行 V2(异步子代理架构) 完全免费(开源免费),可自由下载、安装和使用。
结构化任务规划与分步执行 V2(异步子代理架构) 支持哪些平台?
结构化任务规划与分步执行 V2(异步子代理架构) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 结构化任务规划与分步执行 V2(异步子代理架构)?
由 scotthuang(@scotthuang)开发并维护,当前版本 v1.0.7。
推荐 Skills