← 返回 Skills 市场
Task Resume
作者
RichardSun
· GitHub ↗
· v1.3.0
700
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install task-resume
功能描述
Automatic interrupted-task resume workflow with queueing and recovery. Use when a user asks to resume interrupted work after temporary context switches, prot...
安全使用建议
This skill appears to implement what it says (a cross-session interrupted-task queue) but has several operational risks you should consider before installing:
- Shared queue: It stores queued tasks in a workspace-global file (memory/task-resume-queue.json) shared across main/clone/group sessions. If you have multiple users or isolated contexts in the same workspace, tasks and their context could be visible across sessions. Avoid putting secrets in task context.
- Log reading: The recover command can read arbitrary session .jsonl log files (e.g., under ~/.openclaw). Ensure you trust the skill and its invocations before allowing it to read local logs, since those logs may contain sensitive content.
- Autonomous/cron auto-continue: The README and SKILL.md recommend a watchdog cron that automatically 'continues' tasks. That behavior can cause the agent to take actions or send progress messages automatically. If you need strict user confirmation for actions, do not enable the watchdog or restrict how/when the skill is invoked.
- Operational controls: If you decide to install, restrict who/what can call the skill, avoid storing secrets in queue entries, and consider placing the workspace memory directory in a location with appropriate access controls. Review any automation (cron/heartbeat) separately and prefer manual invocation when in doubt.
If you want me to, I can suggest a hardened variant (e.g., per-session queue files, explicit opt-in for watchdog mode, and an allowlist for recover log paths) to reduce these risks.
功能分析
Type: OpenClaw Skill
Name: task-resume
Version: 1.3.0
The `scripts/task_resume_queue.py` script contains a significant information disclosure vulnerability. Its `recover` command uses `Path(log_path).expanduser()` to read the content of a specified log file. If an attacker can control the `--log` argument, this allows reading arbitrary files within the user's home directory (e.g., `~/.ssh/id_rsa`, `~/.aws/credentials`). The last 8 lines of the read file are then stored in the `context` field of `memory/task-resume-queue.json`, making sensitive data accessible to the agent for future processing. Additionally, the `SKILL.md` instructs the agent to 'resume' tasks based on stored `title`, `context`, and `acceptance` fields, which could lead to prompt injection against the agent if these fields are manipulated.
能力评估
Purpose & Capability
Name/description align with the code and instructions: the included script implements a FIFO queue persisted at memory/task-resume-queue.json and provides add/pop/list/status/clear/recover commands. Requiring a workspace-global (cross-session) queue file and a recover-from-log helper is consistent with the stated goal of cross-session resume.
Instruction Scope
SKILL.md requires message-time enforcement (enqueue before handling any new user message), shared queue usage across sessions, and recommends a watchdog cron that will 'auto-continue' tasks every 30 minutes. It also documents recovering from arbitrary session .jsonl logs (reads a path like ~/.openclaw/agents/main/sessions/<session>.jsonl). Those instructions expand the agent's scope beyond simple bookkeeping: they enable cross-session state mixing and periodic autonomous execution that may act without explicit user confirmation. The recover command reads arbitrary file paths specified at runtime, which could expose local session data if misused.
Install Mechanism
No install spec; this is instruction-plus-script only. Nothing is downloaded from the network or written to unusual system locations by an installer. Risk surface comes only from the included script's runtime behavior.
Credentials
The skill declares no required environment variables or credentials. However, it persists a workspace-global JSON queue (memory/task-resume-queue.json) that is shared across sessions/clones and could leak context between sessions. The SKILL.md explicitly warns not to store secrets in queue content; that guidance is necessary but relies on correct operator behavior.
Persistence & Privilege
The skill is not 'always: true', but the SKILL.md encourages adding a watchdog cron/heartbeat that would run periodically and 'auto-continue' tasks. Combined with normal autonomous invocation, that pattern grants the skill potential ongoing background action (periodic checks and automatic continuation) and cross-session persistence via the shared queue file. That operational model can increase blast radius if the skill is granted broad invoke privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install task-resume - 安装完成后,直接呼叫该 Skill 的名称或使用
/task-resume触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
Add watchdog auto-continue mode (30m checks), stalled-task auto-resume behavior, and delivery reliability guidance for main/systemEvent continuity updates.
v1.2.0
Add ENOENT-safe recover flow for missing session .jsonl logs; keep interruptions non-fatal and queue-driven.
v1.0.1
**Added unified, cross-session queueing for interrupted tasks**
- Default behavior is now to auto-enqueue any unfinished active task on context switch, unless explicitly overridden.
- Queue storage is now unified and shared across all main, clone, and group sessions for consistent task recovery.
- Added source and session identifiers to queue items for accurate tracking.
- New status command shows total and grouped queue counts by session/source.
- Documentation added (README.md) detailing usage and workflow.
v1.0.0
- Initial release of **task-resume**: an automated workflow to recover and resume interrupted tasks with intelligent queueing and context capture.
- Detects interruptions based on task activity and user input, excluding explicit override commands (e.g., cancel, pause).
- Persists context for unfinished, interrupted tasks to a managed queue for automatic resume after current work is completed.
- Integrates guardrails: deduplication, queue size limit, explicit context logging, and prevents silent data loss.
- Enforces daily review of stale queued tasks, prompting user for action on any items older than 7 days.
元数据
常见问题
Task Resume 是什么?
Automatic interrupted-task resume workflow with queueing and recovery. Use when a user asks to resume interrupted work after temporary context switches, prot... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 700 次。
如何安装 Task Resume?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install task-resume」即可一键安装,无需额外配置。
Task Resume 是免费的吗?
是的,Task Resume 完全免费(开源免费),可自由下载、安装和使用。
Task Resume 支持哪些平台?
Task Resume 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Task Resume?
由 RichardSun(@richardsun700)开发并维护,当前版本 v1.3.0。
推荐 Skills