Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Squad 0.9.4

Manage persistent AI coding squads that run in tmux sessions with task queues, progress reports, and automatic health monitoring. Use when the user wants to:...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (persistent AI squads in tmux) match the included scripts and SKILL.md. Requested binaries (python3 and tmux) are reasonable and necessary for creating sessions, writing task files, rendering templates, and running engines. No unrelated environment variables, config paths, or external credentials are requested.
Instruction Scope
SKILL.md and scripts explicitly instruct the agent to start tmux sessions, write/read coordination files under ~/.openclaw/workspace/agent-squad, show live tmux output in responses, and send prompts into tmux sessions. This is expected for the stated purpose, but it means the running AI engines will have read/write/execute access to the configured project directory and coordination data. The skill instructs defaulting to the 'claude' engine and to run engines in full-auto modes; it also warns users to keep secrets out of project directories.
Install Mechanism
No install spec (instruction-only skill) — scripts are shipped with the skill and nothing is downloaded from external URLs. This is low-risk from an install mechanism perspective. The skill expects external engine binaries to be present on PATH; installing those is outside the skill and is the user's responsibility.
Credentials
The skill does not request environment variables, API keys, or credential files. It does rely on engine binaries that may themselves require credentials (e.g., Gemini OAuth), but those are external to the skill and not demanded by it. The lack of required secrets is proportionate to the skill's function.
Persistence & Privilege
always:false (not force-included). The skill registers a watchdog via openclaw cron if available, but that is scoped to its own squads. It does not modify other skills or request elevated system-wide privileges. Autonomous invocation by the agent is allowed (default) — expected for skills of this type.
Assessment
This skill appears to be what it says: a local coordinator that runs unattended AI engines in tmux and manages task files. Before installing, consider the following:
(1) Only run squads on codebases you trust — the agents run in full-auto and can read, write, execute, and commit changes in the project directory.
(2) Remove secrets (API keys, .env, private keys) from any project directories you point the squad at.
(3) Engines are started with flags that bypass permission prompts (e.g., --dangerously-skip-permissions); understand the implications and only enable those engines if you accept full automation.
(4) If you want isolation, run this skill inside a VM, container, or disposable environment and test with a throwaway repo first.
(5) Review the included scripts (start/watchdog/assign/etc.) to confirm behavior for cron registration and auto-restart; if you don't use openclaw, the skill warns and will not register the cron.
(6) If you need stricter controls, modify the start/watchdog scripts to remove auto-restart or to restrict the project directory before using.
Overall: coherent and self-consistent, but carries expected high operational risk because the agents are intentionally granted broad file-system and execution access.

Like a lobster shell, security has layers — review code before you run it.

latestvk9701xnwameqk6x3bs5jh1v30x82nztr

Runtime requirements

Bins: python3
Any bin: tmux
