ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Create Agent

v1.0.0

Creates new Overstory agents for Overclaw by updating all seven integration points (config, manifest, agent-def, gateway prompt, task_router, generate_agent_...

0· 451·9 current·9 all-time
by@austindixson
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (create Overstory agents) align with the included scripts and SKILL.md: the code updates the seven listed integration points (config, manifest, agent-defs, gateway prompt, task_router, generate_agent_context, and regeneration). Modifying other workspace scripts (task_router.py, generate_agent_context.py) is expected for this capability.
Instruction Scope
SKILL.md and the scripts are explicit about actions: they read TROUBLESHOOTING.md, logs, project tree, and may call 'mulch' and run the generate_agent_context.py script. This is within the advertised scope, but the scripts will read files in the workspace and in the user's home (e.g., ~/.openclaw/logs) and can spawn subprocesses — so they have broad local file access consistent with their purpose.
Install Mechanism
No install spec; the skill is instruction+script only. No external downloads or archive extraction are present in the package. The code does rely on Python and optional third-party modules (PyYAML) and on external CLI tools (e.g., mulch, gateway tools) if analysis/regeneration features are used.
Credentials
The registry lists no required env vars, which is reasonable. The scripts do read optional environment variables (NANOBOT_WORKSPACE, OPENCLAW_WORKSPACE, and template references to $GATEWAY_TOOLS) and the user's home log directory. No cloud or secret credentials are requested. Access to workspace and home log files is broad but justified by the analysis features.
Persistence & Privilege
always:false (no forced persistence). The script does modify other files in the workspace and other skills' scripts (e.g., nanobot-overstory-bridge), which is necessary for its goal but increases impact if run by an autonomous agent. Autonomous invocation is allowed by default; combine that with file-modifying behavior when deciding trust.
Assessment
This skill appears to do what it says: it edits multiple files in your workspace to register new agents and can analyze logs/docs to suggest agents. Before installing or running it, backup your workspace (or test in a disposable clone), run create_agent.py with --dry-run or --suggest-only first, and inspect the two script files yourself. Note the scripts may call external tools (mulch, generator scripts) and will read files under the workspace and your home (~/.openclaw/logs). If you plan to allow autonomous agent invocation, be aware a compromised or buggy agent could make persistent changes to these project files. If unsure, run the scripts interactively in a safe environment and ensure PyYAML and required CLI tools are installed only when needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a5sbnpbsfvt2mwc10pbx1bn81wk74
451downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@austindixson
latest
Download

Create Agent

Creates and registers new Overstory agents so Overclaw can recognize and use them. Automates the steps documented in .overstory/CREATING_AGENTS.md.

When to use

  • You want to add a new agent type (e.g. troubleshooter, docs-writer) to Overclaw.
  • You want to ensure all seven integration points are updated consistently.
  • You want to suggest new agents from Overclaw logs, TROUBLESHOOTING.md, mulch, or project structure.

Scripts

create_agent.py

Main CLI for creating or validating agents.

Manual creation:

python3 scripts/create_agent.py \
  --name "troubleshooter" \
  --description "Analyzes logs and troubleshoots issues" \
  --capabilities "troubleshoot,debug,analyze" \
  --model "sonnet" \
  --tools "Read,Glob,Grep,Bash" \
  --can-spawn false \
  --constraints "read-only"

Options: --dry-run (preview only), --no-regenerate (skip gateway context regeneration), --rollback-on-fail (revert changes if validation fails).

Analysis mode (suggestions only):

python3 scripts/create_agent.py \
  --analyze-from-logs \
  --analyze-from-troubleshooting \
  --suggest-only

analyze_agent_needs.py

Helper for analysis mode: parses logs, TROUBLESHOOTING.md, mulch, and project tree to suggest new agent definitions. Can be run standalone or via create_agent.py --analyze-*.

Integration points updated

  1. .overstory/config.yaml — capability entry
  2. .overstory/agent-manifest.json — agent + capabilityIndex
  3. .overstory/agent-defs/<name>.md — agent definition
  4. scripts/overclaw_gateway.py — orchestrator system prompt
  5. skills/nanobot-overstory-bridge/scripts/task_router.py — CAPABILITY_PATTERNS
  6. skills/nanobot-overstory-bridge/scripts/generate_agent_context.py — CAPABILITY_PRIVILEGES
  7. Regeneration of gateway-context.md and skills-manifest.json

References

Comments

Loading comments...