Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentplace

v2.0.3

AI Agent Marketplace for OpenClaw. Browse and install free & paid agents when explicitly requested by the user.

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
Name and description match the instructions (browse, preview, download, install agents). However the SKILL.md relies on local commands (curl, zipinfo, unzip, mv) and writes to ~/.openclaw/workspace/skills, while the registry metadata declares no required binaries and no required config paths — an incoherence between declared requirements and the actual operations the instructions assume.
! Instruction Scope
Instructions perform network downloads and write extracted archives into the user's workspace, which is expected for an installer, but they give broad filesystem-write steps (unzip -qo; mv into ~/.openclaw/workspace/skills) without describing safety checks. There are no protections shown for zip path traversal, symlinks, overwriting existing skills, or for scanning binaries in the archive. The skill also references an API key for paid agents but doesn't mandate how it will be supplied (env vs prompt).
! Install Mechanism
This is instruction-only (no install spec) which is low-risk in one sense, but it instructs downloading ZIPs from external hosts (cdn.agentplace.sh) and extracting them locally with no integrity verification (no checksum or signature), and uses unzip -qo (quiet overwrite). Download+extract from external CDN without integrity checks is a material risk and should be hardened.
Credentials
SKILL.md documents a paid-agent API key (format ak_xxxxxxxx) and shows using an x-api-key header, but the skill's registry metadata declares no required env vars or primary credential. It's plausible the design expects interactive prompting for a key, but the metadata/instructions are inconsistent and the presence of a key used for downloads should be declared and handled carefully (secure storage, not echoed, not placed in command history).
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges, which is appropriate. It does modify the user's workspace by adding/moving files into ~/.openclaw/workspace/skills/<agent-id>, and the provided steps may overwrite existing directories silently. This write-to-home behavior is expected for an installer but should include safeguards (confirmations, backups, non-overwriting install options).
What to consider before installing
The skill appears to do what it says (a marketplace installer) but has several practical and safety issues you should consider before installing or using it:

  • Metadata mismatch: The instructions call curl, zipinfo, unzip and write into ~/.openclaw/workspace/skills, but the registry declares no required binaries or config paths. Ensure the runtime environment has the necessary tools and be aware of this discrepancy.
  • Unverified downloads: The workflow downloads ZIP archives from external CDN hosts but provides no checksum/signature verification. An attacker who controls the CDN or a compromised package could deliver malicious code. Prefer marketplaces that publish signed releases or checksums, or insist on validating hashes before extraction.
  • Unsafe extraction: The recipe uses unzip -qo and then moves the contents into your skills directory. That can silently overwrite existing files, and ZIP archives can include path-traversal entries (../) or symlinks. Before extraction, inspect zipinfo output carefully and never use quiet overwrite in untrusted scenarios; extract to an isolated temp directory and scan the contents.
  • API key handling: Paid agents require an API key. The skill does not declare a primaryEnv; confirm how the key will be supplied, that it won't be logged or put into shell history, and store it securely.
  • Preview limitations: The instructions preview SKILL.md and list files, which is good, but you should also inspect binaries or scripts in the archive for unexpected network calls or privileged operations before final confirmation.

Recommendations: only use this skill if you trust the Agentplace domain, run installations into a disposable or sandboxed environment first, require explicit non-overwriting install behavior, demand checksum or signature verification for downloads, and treat paid-agent API keys as secrets (enter interactively into a secure prompt or store in a secret manager rather than exposing them on command lines).

Like a lobster shell, security has layers — review code before you run it.

latest vk972ae1v71w40pyebxkgk79xyn82vd48
564 downloads
4 stars
5 versions
Updated 7h ago
v2.0.3
MIT-0

Agentplace — AI Agent Marketplace for OpenClaw

Overview

Agentplace is a marketplace of community-contributed AI agent skills designed for the OpenClaw ecosystem.

This skill enables OpenClaw users to:

  • Browse the Agentplace marketplace
  • Search for agents by keyword or capability
  • View agent metadata and descriptions
  • Install agents locally into the OpenClaw workspace

All actions performed by this skill are explicitly user-initiated. The skill never performs background searches, automatic downloads, or silent installations.

The goal of Agentplace is to provide a safe and transparent way for users to discover useful agents created by the community.


Core Principles

1. User-initiated execution

Marketplace queries occur only when the user explicitly asks to browse or install an agent.

Examples:

  • "Browse the marketplace"
  • "Show available agents"
  • "Search for agents that do X"
  • "Install agent <name>"

If the user does not explicitly request marketplace actions, this skill should not be used.

2. Explicit user consent

Installing third-party agents requires two confirmation steps:

  1. Confirmation before downloading
  2. Confirmation after previewing the agent files

3. Transparent preview before installation

Before installing an agent:

  • The archive contents are listed
  • The SKILL.md file is shown
  • The user can verify the agent description

4. Local execution

Installed agents run locally on the user's machine. Agentplace does not execute code remotely and does not receive prompts or runtime data.


Privacy Policy

This skill communicates with the Agentplace API only when necessary.

Network calls occur only when:

  • Browsing the marketplace
  • Searching for agents
  • Requesting metadata
  • Downloading an agent package

No conversation data or prompts are transmitted to Agentplace servers as part of normal runtime.


Agent Tiers

Tier | Authentication | Description
Free | None | Available for immediate download after confirmation
Paid | API key | Requires purchase and dashboard API key

Paid agents require a dashboard API key in the format:

ak_xxxxxxxx

The API key is used only to authorize downloads and must never be included in prompts or shared publicly.


Marketplace API

List agents:

curl -s https://api.agentplace.sh/marketplace/agents

Search agents:

curl -s "https://api.agentplace.sh/marketplace/agents?search=<query>"

Get agent details:

curl -s https://api.agentplace.sh/marketplace/agents/<agent-id>


Installation Workflow

Step 1 — Ask user confirmation

Install <agent name>? (yes/no)

Step 2 — Request download metadata

Free agent:

curl -s https://api.agentplace.sh/marketplace/agents/<agent-id>/download

Paid agent:

curl -s -H "x-api-key: ak_xxxx" https://api.agentplace.sh/marketplace/agents/<agent-id>/download

Example response:

{ "download_url": "https://cdn.agentplace.sh/agents/example.zip", "version": "1.0.0", "tier": "free" }

Step 3 — Download agent package

curl -sL "$download_url" -o /tmp/agent.zip

Step 4 — Preview contents

zipinfo -1 /tmp/agent.zip

unzip -p /tmp/agent.zip SKILL.md > /tmp/agent-SKILL.md
cat /tmp/agent-SKILL.md

Step 5 — Final confirmation

Install this agent now? (yes/no)

Step 6 — Install locally

unzip -qo /tmp/agent.zip -d /tmp/agent-preview/
mv /tmp/agent-preview ~/.openclaw/workspace/skills/<agent-id>/
rm /tmp/agent.zip
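
A hardened take on steps 3 to 6 that addresses the scan's findings (path traversal, symlink entries, silent overwrite, no integrity check). This is an added example, not code from Agentplace or ClawHub; `audit_archive`, `install`, `build_zip` and the `expected_sha256` digest are hypothetical (the download response shown above carries no checksum), and both sample archives are constructed in memory.

```python
import hashlib, io, os, stat, tempfile, zipfile

def audit_archive(data, expected_sha256=None):
    """Return reasons to refuse the archive; an empty list means it passed."""
    problems = []
    # Assumption: a publisher-supplied digest; the page's API response has none.
    if expected_sha256 and hashlib.sha256(data).hexdigest() != expected_sha256:
        problems.append("sha256 mismatch")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "SKILL.md" not in zf.namelist():
            problems.append("no top-level SKILL.md")
        for info in zf.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or ".." in parts or ":" in name:
                problems.append(f"path escapes target: {name}")
            if stat.S_ISLNK(info.external_attr >> 16):  # Unix mode: high 16 bits
                problems.append(f"symlink entry: {name}")
    return problems

def install(data, skills_dir, agent_id, expected_sha256=None):
    """Audit, extract into a fresh staging dir, rename; never overwrite."""
    if problems := audit_archive(data, expected_sha256):
        raise ValueError("; ".join(problems))
    if agent_id in ("", ".", "..") or "/" in agent_id or "\\" in agent_id:
        raise ValueError(f"bad agent id: {agent_id!r}")
    dest = os.path.join(skills_dir, agent_id)
    if os.path.lexists(dest):
        raise FileExistsError(dest)  # refuse rather than overwrite a skill
    os.makedirs(skills_dir, exist_ok=True)
    staging = tempfile.mkdtemp(prefix=".staging-", dir=skills_dir)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(staging)
    os.rename(staging, dest)
    return dest

def build_zip(entries, symlinks=()):
    """Build a constructed sample archive in memory (not a real package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
        for name, target in symlinks:
            info = zipfile.ZipInfo(name)
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)
    return buf.getvalue()
GOOD = build_zip({"SKILL.md": "# demo agent\n", "run.py": "print('hi')\n"})
BAD = build_zip({"SKILL.md": "# demo\n", "../../evil.txt": "x"}, [("cfg", "../outside")])
```

Python's `zipfile.extractall` already strips `..` and absolute components on its own; the audit rejects such archives outright rather than installing a silently rewritten tree.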


Integrity and Safety

Agentplace distributes agents as ZIP archives.

Users should:

  • Verify the SKILL.md description
  • Review archive contents
  • Prefer trusted publishers

Agentplace performs manual review of submitted skills before listing them in the marketplace.


API Key Setup

Visit:

https://www.agentplace.sh/dashboard

Generate an API key in the format:

ak_xxxxxxxx

Guidelines:

  • Store keys securely
  • Never commit keys to public repositories
  • Never share keys publicly

Error Handling

401 — Invalid API key
403 — Agent not purchased
404 — Agent not found


Security Guidelines

  • User-initiated execution only
  • Explicit confirmation before installation
  • Preview agent documentation before install
  • No automatic execution of downloaded code
  • Agents run locally on the user's machine
  • API keys are used only for download authorization

Marketplace Safety Process

Agentplace performs review of uploaded agents including:

  • manual inspection of submitted archives
  • verification of metadata
  • checking for unexpected files

This helps ensure that marketplace agents are safe and consistent with their descriptions.


Summary

Agentplace provides a transparent and user-controlled way to install community-built agents.

Key protections include:

  • user-initiated execution
  • explicit install confirmations
  • archive preview before installation
  • local execution of agents
  • limited API key usage
