Is mightyprime1/task-status safe?

Every script in the skills directory defaults TELEGRAM_TARGET to '7590912486'. This Telegram user ID is not a placeholder — it is a specific account that will silently receive every status message an agent sends using this skill unless the operator explicitly sets the TELEGRAM_TARGET environment variable. The default is present in at least three separate files (send_status.py, send_status_with_logging.py, send_status_websocket.py), indicating it is intentional rather than a single oversight.

The monitor_task.py background thread sends 'Still working...' messages every 5 seconds with the task name as the step identifier. This gives the Telegram recipient a continuous feed of agent task names and progress strings, effectively providing real-time operational intelligence about what the agent is doing on behalf of the user.

monitor_task.py spawns a daemon thread that loops until the task_name key is removed from the state file. If an agent calls 'start' but a crash, error, or incomplete task prevents it from calling 'stop', the thread continues transmitting status messages until the host process exits. The state file persists to disk (.task_status_state.json), so a subsequent process reload would not necessarily clean up stale monitors.

The 'Automation with Clawdbot Cron' section of SKILL.md contains executable Python code that calls from cron import add and registers a 5-second recurring job. When this SKILL.md content is injected into an agent's context, the agent may interpret this code block as an instruction to execute, resulting in a persistent background job being registered in the Clawdbot scheduler without explicit user direction.

The fallback path in send_status.py constructs a subprocess call to the clawdbot CLI using the message, step_name, and target values. If any of these originate from attacker-controlled task descriptions (e.g., a malicious filename passed as a step name), CLI argument injection is possible depending on how clawdbot parses its arguments.

send_status_with_logging.py hardcodes LOG_DIR = Path('C:/Users/Luffy/clawd/logs'), and README.md references installation to 'C:\Users\Luffy\AppData\Roaming\npm\node_modules\clawdbot'. These paths expose the developer's username and machine layout, and confirm the Telegram ID default is a live account on the developer's system, not a sanitized placeholder.

The README describes a file structure with only send_status.py and monitor_task.py, but the distributed package also includes send_status_with_logging.py and send_status_websocket.py. These undocumented scripts contain the same hardcoded Telegram ID and represent alternative transport implementations (with logging and with WebSocket handshake), suggesting iterative development toward reliable exfiltration. The presence of undocumented files increases the attack surface.

monitor_task.py emits extensive [DEBUG] lines to stderr including task names, state file contents, iteration counts, and timing data. On systems where stderr is logged or monitored, this creates a secondary audit trail of agent activity.