llm-task is a bundled optional plugin tool that runs a single JSON-only
LLM call and returns structured output, optionally validated against a JSON
Schema. It gives workflow engines like Lobster an LLM step without custom
OpenClaw code per workflow.
Enable
- Enable the plugin:
- Allow the tool:
alsoAllow adds llm-task on top of the active tool profile without
restricting other core tools. Use tools.allow only if you want a restrictive
allowlist mode instead.
Config (optional)
allowedModels is an allowlist of provider/model strings; a request for any
other model is rejected. All other keys are per-call fallbacks used when the
tool call omits that parameter.
Tool parameters
| Parameter | Type | Notes |
|---|---|---|
prompt | string | Required. Task instruction for the LLM. |
input | any | Optional payload; serialized to JSON and appended to the prompt. |
schema | object | Optional JSON Schema the parsed output must validate against. |
provider | string | Overrides defaultProvider / the agent’s default provider. |
model | string | Overrides defaultModel; accepts bare model ids, aliases, or a provider/model ref (a duplicate provider prefix is stripped automatically). |
thinking | string | Reasoning level (e.g. low, medium); must be one supported by the resolved model. |
authProfileId | string | Overrides defaultAuthProfileId. |
temperature | number | Best-effort; not all providers honor it. |
maxTokens | number | Best-effort cap on output tokens. |
timeoutMs | number | Run timeout; default 30000. |
Output
Returnsdetails.json (the parsed, schema-validated JSON) plus details.provider
and details.model naming what actually ran.
Example: Lobster workflow step
Important limitation
The example below assumes the standalone Lobster CLI is running whereopenclaw.invoke already has the correct gateway URL/auth context.
For the bundled embedded Lobster runner inside OpenClaw, this nested CLI
pattern is not currently reliable:
- direct
llm-tasktool calls outside Lobster, or - Lobster steps that do not rely on nested
openclaw.invokecalls.
Safety notes
- JSON-only: the model is instructed to return only a JSON value, no code fences, no commentary.
- No tools: the underlying run has tools disabled, so the model cannot call out mid-task.
- Treat output as untrusted unless you validate it with
schema. - Put approvals before any side-effecting step (send, post, exec) that consumes this output.