← 返回 Skills 市场
484
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install task-supervisor
功能描述
Manage complex tasks with 5+ steps or duration >20 min, tracking progress via task files and sending periodic status reports until completion or pause.
安全使用建议
Do not enable this skill yet. Ask the publisher to clarify: (1) which messaging platform will be used (WhatsApp or Feishu?) and exactly how recipient identity and authentication are provided (what env vars or agent integrations are required); (2) whether the agent runtime actually provides an 'openclaw' CLI and what privileges that CLI has; (3) where .tasks/ will be stored and who can read those files; and (4) how and when the cron jobs are removed and what safeguards exist to prevent repeated unintended messages. If you proceed, require explicit, per-task consent before creating background crons or sending messages, and ensure messaging credentials are scoped and stored securely (not left implicit).
功能分析
Type: OpenClaw Skill
Name: task-supervisor
Version: 1.0.0
The skill is classified as suspicious due to its use of high-risk capabilities that, while seemingly intended for legitimate task management, create significant vulnerabilities. Specifically, the `SKILL.md` instructs the agent to use `exec` to create cron jobs, which is a powerful primitive allowing arbitrary command execution and establishing persistence. Furthermore, the `--message` argument for the `openclaw cron add` command acts as a prompt for a sub-agent, instructing it to read a file (`.tasks/<SLUG>.md`) and send its content via Feishu. This nested prompt injection surface, combined with file read and exfiltration capabilities, presents a critical vulnerability for data exfiltration if an attacker could manipulate the `TASK-SLUG` or inject into the cron message.
能力评估
Purpose & Capability
The name/description (long-running task manager with progress files and periodic reports) aligns with the SKILL.md: it instructs creating .tasks files, decomposing steps, logging progress, and sending periodic reports. However, the skill expects to send messages via external platforms (mentions WhatsApp and Feishu interchangeably) and to spawn system crons via an 'openclaw' CLI, yet the registry metadata declares no required binaries or credentials. Requesting no environment variables or primary credential is inconsistent with sending messages to external services.
Instruction Scope
Instructions tell the agent to create and repeatedly update files under .tasks/, spawn a reporter cron using an 'openclaw cron add' exec, and have that cron read task files and send progress messages. That scope is consistent with a supervisor but includes autonomous background scheduling and automated messaging. The doc mixes messaging targets (WhatsApp vs Feishu) and tells the cron to 'send a Feishu message to the user' without specifying how authentication/recipient mapping occurs. The instructions do not read or transmit unrelated system files, but they do perform autonomous I/O and networked messaging which require explicit credentials and user consent.
Install Mechanism
This is instruction-only with no install spec and no code files, so there is nothing being downloaded or written at install time. That reduces risk from supply-chain install mechanics. The runtime behavior (spawning crons and writing .tasks files) is still potentially persistent, but there is no installer to analyze.
Credentials
The skill declares no required environment variables or credentials, yet its runtime actions require the ability to send messages over Feishu or WhatsApp and to schedule crons via an 'openclaw' CLI. Sending messages to external platforms normally requires API tokens/credentials or preconfigured agent integrations; those are not declared. This mismatch is disproportionate and unexplained.
Persistence & Privilege
always:false (good). The skill instructs spawning scheduled reporter crons that run autonomously until the task completes or fails. Creating background scheduled jobs is a legitimate behavior for long-running tasks, but because the cron will autonomously read task files and send external messages, it increases the blast radius — especially combined with missing declarations for which messaging identity/credentials will be used. The skill does not claim to modify other skills or global configs, which is good.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install task-supervisor - 安装完成后,直接呼叫该 Skill 的名称或使用
/task-supervisor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: self-supervising long-running task manager with checkpoint files, step tracking, and periodic Feishu progress reports.
元数据
常见问题
Task Supervisor 是什么?
Manage complex tasks with 5+ steps or duration >20 min, tracking progress via task files and sending periodic status reports until completion or pause. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 484 次。
如何安装 Task Supervisor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install task-supervisor」即可一键安装,无需额外配置。
Task Supervisor 是免费的吗?
是的,Task Supervisor 完全免费(开源免费),可自由下载、安装和使用。
Task Supervisor 支持哪些平台?
Task Supervisor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Task Supervisor?
由 Peng Shu(@mashirops)开发并维护,当前版本 v1.0.0。
推荐 Skills