Openclaw Agent Builder

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: openclaw-agent-builder
Version: 0.1.0

The `SKILL.md` documentation describes how to configure OpenClaw agents with high-risk capabilities, such as arbitrary script execution via 'hooks' (e.g., `agent:bootstrap`, `before_tool_call`) and granting agents `exec` tool permissions. While these features are plausibly necessary for an 'agent builder' skill, they introduce significant security vulnerabilities (potential RCE) if the agent is prompted maliciously or if the configuration is insecure. The skill bundle itself does not contain malicious instructions or code, but it details how to enable powerful, risky functionalities.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the examples can create agents, set workspaces, and change models or routing behavior.

Why it was flagged

The guide includes local CLI commands that create and configure persistent OpenClaw agents. This is purpose-aligned, but it changes the user's agent environment.

Skill content

openclaw agents create <agent-name> --workspace ~/openclaw-workspaces/<agent-name>

Recommendation

Run these commands only when you intend to change your OpenClaw setup, and review the generated configuration afterward.

What this means

If raw secrets or overly detailed credential locations are placed in agent-readable files, future agent sessions may expose or misuse them.

Why it was flagged

The guide documents authentication-token files and suggests recording database connection strings or credential locations in tool configuration notes. This is relevant to agent setup but sensitive.

Skill content

auth.json          # authentication token ... database connection string ... authentication credential location

Recommendation

Prefer environment variables or secret managers for credentials, and avoid storing raw tokens or passwords in Markdown workspace files.

What this means

Personal details, prior instructions, or sensitive conversation content may persist and influence later agent behavior.

Why it was flagged

The guide describes persistent memory files and JSONL session histories that may be reused across future agent interactions.

Skill content

MEMORY.md            # long-term memory ... sessions/      # session history (JSONL)

Recommendation

Use separate workspaces for sensitive contexts, prune old sessions, and avoid storing secrets or untrusted instructions in long-term memory.

What this means

A misconfigured channel ID, group binding, or identity link could route messages to the wrong agent or merge conversations that should stay separate.

Why it was flagged

The guide shows linking identities across channels and binding Feishu, WhatsApp, and other peers to specific agents. This is core to the skill but affects message routing and privacy boundaries.

Skill content

identityLinks: { alice: ["telegram:123456789", "feishu:ou_xxx"] }

Recommendation

Verify channel IDs carefully, use allowlists and requireMention where appropriate, and test routing with non-sensitive messages first.