celery-task
Audited by Socket on Mar 9, 2026
2 alerts found:
Security: Obfuscated File
This file implements an explicit remote command execution facility via Celery. It accepts untrusted task inputs and executes them using subprocess.run with shell=True, exposes environment and working-directory control, and may forward outputs to an external notifier. If the Celery broker or result backend is accessible by untrusted parties (or compromised), this code permits full remote code execution and potential data exfiltration. Recommended mitigations: remove shell=True or require argument lists, validate/allowlist permitted commands, restrict/authorize who can publish tasks to the broker, avoid accepting cwd/env_vars from untrusted callers, treat notifier module as sensitive (review its implementation), and ensure broker/backends are authenticated and network-restricted.
The skill presents a coherent fit for asynchronous task distribution and cross-platform deployment with automatic service management. However, the autonomy to start/maintain core services and to dispatch commands without explicit per-action user approval introduces notable security and control concerns. The workflow is plausible for a developer-focused automation tool, but the footprint includes high-risk patterns (autonomous real-world actions and unverified external binaries) that warrant caution and stronger user-approval prompts, explicit verification (checksums/signatures), and configurable safety curtains. Overall, the skill is STEP-sensible for its purpose but should be treated as suspiciously high-risk until mitigations are in place.