← 返回 Skills 市场
Task Router Skill
作者
captmarbles
· GitHub ↗
· v1.0.0
855
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install task-router-skill
功能描述
Distributed task queue for OpenClaw multi-agent systems that routes tasks by capability, tracks lifecycle, coordinates async handoffs, rebalances load, and m...
安全使用建议
This skill appears to implement a local task router and is internally consistent, but it leaves out important operational and security details. Before installing or using it in production, verify: (1) how agents authenticate and how registrations/heartbeats are authorized (prevent rogue agents from registering or stealing tasks); (2) the network transport used for agent communication and whether it uses TLS; (3) how notifications to external services (Discord, etc.) are configured and where secrets are stored; (4) who can run the 'task' CLI and whether file permissions on ~/.openclaw/task-router are restricted; (5) whether logs or task payloads may contain sensitive data and how they're protected. If the publisher cannot document agent auth, token handling, and runtime hosting, run the router in a sandboxed environment only and audit agent registrations and filesystem permissions.
功能分析
Type: OpenClaw Skill
Name: task-router-skill
Version: 1.0.0
The skill is classified as suspicious due to several potential vulnerabilities, primarily related to prompt injection vectors and broad file system access, rather than clear malicious intent. The `HEARTBEAT.md` script uses `sessions_send` to notify other agents about task completion, including user-controlled `task.title` and `task.result` (a file path). This creates a potential prompt injection vector if a malicious actor crafts these inputs. Additionally, CLI commands like `task export` allow writing task data to arbitrary user-specified file paths, and `task result` allows viewing arbitrary result files, which could be abused for unauthorized file access or writes if input paths are not properly sanitized. While these capabilities are plausible for a task router, the lack of explicit input sanitization for user-controlled strings and paths presents significant security risks.
能力评估
Purpose & Capability
Name, description, and the CLI/config examples align: a task router using a local filesystem layout (~/.openclaw/task-router) to track queues, agents, and tasks. There are no unrelated environment variables, binaries, or install steps requested that would contradict the stated purpose.
Instruction Scope
SKILL.md is an instruction-only spec that describes task lifecycle, CLI usage, and the config/queue layout but omits how agents authenticate or how the router is invoked/hosted. It also mentions external notification channels (e.g., Discord) without documenting required endpoints or secrets. Because it gives no constraints on who can register an agent or how heartbeats are authenticated, the instructions allow ambiguous agent registration and potential impersonation/unauthorized task consumption.
Install Mechanism
There is no install spec and no code files — lowest-risk delivery model. The doc references a 'clawhub install task-router' step, which is an expected convenience instruction but not a downloaded install spec in the package. No archives or remote URLs are used by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a local, config-file–based router. However, the docs hint at external notification channels (Discord, etc.) and multi-agent heartbeats without specifying tokens, network endpoints, or authorization — either those integrations are intentionally omitted (benign), or the skill expects external secrets to be configured later (not documented). This lack of explicit credential handling is a gap worth clarifying.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill stores state under ~/.openclaw/task-router, which is scoped to the user's home and consistent with its function. It does not request system-wide config changes or other skills' credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install task-router-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/task-router-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
task-router-skill 1.0.0
- Initial release of a distributed task queue and agent coordinator for OpenClaw multi-agent systems.
- Provides capability-based task routing, async handoffs, task lifecycle tracking, workload rebalancing, and dead letter handling.
- Includes CLI for task and agent management, as well as a TypeScript API for programmatic integration.
- Supports multi-step workflows, health monitoring, and robust agent management features.
- Configurable via YAML files for router settings, agent registry, and queue storage.
元数据
常见问题
Task Router Skill 是什么?
Distributed task queue for OpenClaw multi-agent systems that routes tasks by capability, tracks lifecycle, coordinates async handoffs, rebalances load, and m... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 855 次。
如何安装 Task Router Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install task-router-skill」即可一键安装,无需额外配置。
Task Router Skill 是免费的吗?
是的,Task Router Skill 完全免费(开源免费),可自由下载、安装和使用。
Task Router Skill 支持哪些平台?
Task Router Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Task Router Skill?
由 captmarbles(@capt-marbles)开发并维护,当前版本 v1.0.0。
推荐 Skills