Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Operator Skill
v0.1.0Orchestrates collaborative agent sessions with secure, fault-tolerant CRDT persistence and instant crash-proof state recovery.
⭐ 0· 289·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to provide Ed25519-verified CRDT persistence and crash-proof recovery — the TypeScript implementation does perform snapshot + append-only update handling as described. However, the code imports 'loro-crdt' while package.json declares dependency 'loro' (mismatch), and package-lock.json contains a large, unrelated dependency tree. These dependency/package inconsistencies are not proportionate to the described purpose and indicate the package metadata may be incorrect or copied from another project.
Instruction Scope
SKILL.md promises built-in Ed25519 verification, but the implementation delegates verification to agentComm('message.verify') imported from a relative path '../agent-comm-skill/index.ts'. That external dependency is not declared anywhere (plugin.json/metadata do not reference it). Relying on another skill via a relative import is unusual, undocumented in the SKILL.md, and could alter or expand runtime behavior (or simply fail at runtime if the referenced file isn't present).
Install Mechanism
There is no install spec (instruction-only / code included), which is lower risk in itself, but the repository contains TypeScript source with package.json pointing to an output 'dist/index.js' that is not included in the package files list. package-lock.json is large and contains many packages unrelated to package.json's declared dependency list. The missing build artifact (dist) plus an inconsistent lockfile suggests the published bundle is incomplete or mismatched with its metadata, which could cause broken installs or hide unreviewed dependencies.
Credentials
The skill does not request environment variables or external credentials and writes only to data/sessions in the current working directory. That file access is consistent with its purpose. However, because signature verification is delegated to another skill (agent-comm-skill) via an imported function, the effective environment/scope at runtime may include whatever that other skill does — this expands the trusted surface and should be verified.
Persistence & Privilege
The skill is not always-enabled and uses only file read/write operations under data/sessions per plugin.json. It does not request elevated platform privileges in the metadata. This is reasonable for a persistence/orchestration skill.
What to consider before installing
Do not install this skill until the author clarifies and fixes several inconsistencies. Specifically ask for: (1) a corrected package.json that matches imports (either change import to the declared package or update dependencies to include 'loro-crdt'), (2) explanation of package-lock contents (why unrelated dependencies are present), (3) included build artifact (dist/index.js) or a clear build/install instruction, and (4) explicit declaration of the dependency on agent-comm-skill (or remove the relative import and verify signatures locally with a known Ed25519 library). Also review the source of the agent-comm-skill if signature verification remains delegated — it will have the ability to inspect/validate payloads and could expand the skill's effective privilege. If you proceed, run the skill in a sandboxed environment, limit file write permissions to an isolated folder, and avoid granting broad host access until the above issues are resolved.Like a lobster shell, security has layers — review code before you run it.
latestvk971kdw5fma5kbev7j2xx8pbrh82fxj2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.