ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenFleet

v1.0.0

Manage your OpenFleet multi-agent workspace — create tasks, assign agents, trigger pulse cycles, manage automations, and monitor activity. Full bidirectional...

2· 725·0 current·1 all-time
by@serrato1
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill name/description (manage OpenFleet workspace) aligns with requiring OPENFLEET_API_KEY and use of the @open-fleet MCP server. However the SKILL.md instructs use of other tools (openclaw gateway, cloudflared) that are not listed in required binaries, which is an omission and reduces clarity about what the skill actually needs to run.
!
Instruction Scope
SKILL.md tells the agent/user to: run npx to launch @open-fleet/mcp-server, start an OpenClaw gateway, and expose it with cloudflared tunnel so OpenFleet can connect back. Those steps involve exposing a local service to a remote endpoint (network tunneling) and executing code fetched at runtime. The instructions also reference binaries (openclaw, cloudflared) that aren't declared; the tunnel step in particular increases attack surface and should be highlighted to users.
Install Mechanism
There is no install spec (instruction-only) which is lower risk, but the skill relies on npx to fetch and run @open-fleet/mcp-server at runtime. The SKILL.md example uses npx without pinning a package version (and with -y), which creates a supply-chain risk because it will execute the latest package from npm.
Credentials
Only OPENFLEET_API_KEY is declared and used; that is appropriate for a tool that integrates with the OpenFleet API. The SKILL.md does not request other credentials. Recommend verifying the key's scope/permissions before use.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. There is no indication the skill requests permanent system-wide changes or modifies other skills. Note: autonomous invocation plus task/agent management is powerful — follow the guidance below before enabling.
What to consider before installing
Before installing: 1) Verify the OpenFleet service and npm package are legitimate (check openfleet.sh, GitHub repo, npm package maintainers). 2) Update the skill manifest to list all required binaries (cloudflared, openclaw) or be prepared to run those manually. 3) Avoid running npx with -y/unpinned packages in production — prefer a pinned version or inspect the package contents first. 4) Be cautious about exposing a local gateway via cloudflared: this opens a tunnel from your machine to the Internet — only do this if you trust the remote service and limit network exposure (firewall, ephemeral keys). 5) Use an API key with least privilege, rotate it after testing, and monitor activity. If you want higher confidence, ask the publisher for a pinned package version, the exact npm package name/version they expect, and proof of the GitHub repo that contains the published code.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
Binsnpx
EnvOPENFLEET_API_KEY
Primary envOPENFLEET_API_KEY
agentsvk975bgtdcdrkgqe400b6nvt7k9816bcmlatestvk975bgtdcdrkgqe400b6nvt7k9816bcmmcpvk975bgtdcdrkgqe400b6nvt7k9816bcmorchestrationvk975bgtdcdrkgqe400b6nvt7k9816bcmtasksvk975bgtdcdrkgqe400b6nvt7k9816bcm
725downloads
2stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@serrato1
agentslatestmcporchestrationtasks
Download

OpenFleet

Autonomous multi-agent orchestration from your terminal. Create tasks, manage agents, trigger work cycles, and monitor everything — without leaving OpenClaw.

Setup

  1. Get your API key from the OpenFleet Dashboard → Developer Settings
  2. Set the env var: 
    export OPENFLEET_API_KEY=ofk_your_key_here
  3. Install the skill: 
    clawhub install openfleet

Quick verify

Ask your agent: "List my OpenFleet tasks"

20 Available Tools

Tasks

ToolDescription
openfleet_list_tasksList tasks — filter by status, priority, or free-text search
openfleet_create_taskCreate a task (starts in INBOX, auto-assigned to best agent)
openfleet_get_taskGet full task details by ID
openfleet_update_taskUpdate title, description, status, priority, or tags
openfleet_delete_taskArchive (soft-delete) a task
openfleet_unblock_taskUnblock a BLOCKED task with resolution context
openfleet_approve_taskApprove a REVIEW task → moves to DONE
openfleet_add_commentAdd a comment visible to agents during execution

Agents

ToolDescription
openfleet_list_agentsList all agents with status, health, and token usage
openfleet_get_agentGet full agent details by ID
openfleet_create_agentCreate a new agent (LEAD, SPECIALIST, or INTERN)

Automations

ToolDescription
openfleet_list_automationsList recurring task automations
openfleet_create_automationCreate a scheduled automation (hourly → monthly)
openfleet_toggle_automationToggle an automation on/off
openfleet_trigger_automationFire an automation immediately

System

ToolDescription
openfleet_trigger_pulseTrigger an agent work cycle (health check + assignment + execution)
openfleet_get_workspaceGet workspace info and configuration
openfleet_parse_inputParse natural language into a structured task
openfleet_install_templateInstall a workspace template (e.g. saas-startup, content-pipeline)
openfleet_list_activitiesList recent activity feed entries

Usage Examples

Create a task

Create an OpenFleet task: "Build a landing page with hero section, pricing table, and contact form" with HIGH priority and tags frontend, react

Check agent status

List my OpenFleet agents and show who is working on what

Trigger a pulse

Trigger an OpenFleet pulse to assign queued tasks and start agent work

Manage blocked tasks

Show me all BLOCKED tasks in OpenFleet and unblock the one about API keys with the message "Key has been added to environment"

Create a recurring automation

Create a daily OpenFleet automation called "Morning standup report" that generates a summary task every morning

MCP Server Details

This skill wraps the @open-fleet/mcp-server npm package, which exposes a standard MCP stdio server.

Manual MCP setup (if not using ClawHub):

npx @open-fleet/mcp-server setup

The setup wizard auto-detects Claude Code, Cursor, and Windsurf and configures MCP automatically.

Direct npx invocation (for custom configs):

OPENFLEET_API_KEY=ofk_xxx npx -y @open-fleet/mcp-server

OpenClaw + OpenFleet Integration

When you connect OpenFleet with an OpenClaw gateway, this skill completes the bidirectional link:

DirectionWhat it does
OpenFleet → OpenClawOpenFleet sends tasks to your gateway for execution
OpenClaw → OpenFleetThis skill lets OpenClaw manage tasks, agents, and pulse

Full setup

  1. Start your OpenClaw gateway: openclaw gateway
  2. Expose it: cloudflared tunnel --url http://localhost:18789
  3. Connect the tunnel URL + token in OpenFleet Settings
  4. Install this skill: clawhub install openfleet

Resources

Comments

Loading comments...