小龙虾分层任务工作流

分层任务分解与执行工作流

该技能整体上与其描述一致，但包含对磁盘与网络的可选访问点： - 在默认配置下，邮件发送与远程 git 备份功能是禁用/空的；若你启用它们（在 config/workflow_config.json 或通过传入 config_path），技能可能会把项目文件复制/压缩并推送到配置的 git 仓库，或向配置的 SMTP 服务器发送包含项目信息的邮件。只有在你信任目标仓库/邮件收件人并确认不会泄露敏感数据时才启用这些功能。 - 建议先在隔离的测试环境或容器中运行技能，检查生成的文件和日志位置（默认位于 /root/.openclaw/...），并确认 backup.git_repository 与 email.smtp_server/username 不被设置为不受信任的远端。 - 如果你 lack 安全经验：不要在生产环境或包含敏感数据的工作区启用备份或邮件功能；审阅 scripts/backup_manager.py 和 scripts/email_sender.py 的实现（尤其是 _git_backup、subprocess 调用和 send_email 路径），确认不会自动推送或发送未经授权的数据。 - 最佳实践：保持邮件/备份功能的 simulate/disabled 状态，手动审查并逐项启用；或在启用前替换为只写本地目录的安全后端（例如私有、安全的存储），并限制技能访问的项目目录范围。

Type: OpenClaw Skill Name: xiaolongxia-workflow Version: 0.5.0 The bundle implements a highly complex task decomposition and execution framework that includes several high-risk capabilities. Specifically, 'backup_manager.py' includes functionality to push project data to remote Git repositories via subprocess calls, and 'email_reporter.py'/'email_sender.py' provide full SMTP integration for sending data to external recipients. While these features are consistent with the stated purpose of a managed workflow, they provide ready-made channels for data exfiltration and unauthorized remote command execution. No explicit evidence of intentional malice (such as hardcoded credentials or targeted theft of SSH keys) was found, but the combination of broad file system access, network communication, and shell execution warrants a suspicious classification.