ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi-Agent Deployment Skill for OpenClaw

v1.0.1

Deploy a production-ready multi-agent fleet in OpenClaw. Includes step-by-step setup guide, workspace templates, and Python automation scripts for agent crea...

0· 11·0 current·0 all-time
by@abhinas90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The included scripts (workspace creation, routing config generation, memory sync, and deploy.sh) align with the described goal of deploying a multi-agent OpenClaw fleet. File functions correspond to the SKILL.md description. However the SKILL.md claims an OpenRouter API key is required and SSH access is expected, but the skill's declared metadata lists no required environment variables or primary credential — this mismatch is unexplained.
!
Instruction Scope
Runtime instructions tell the agent/user to run scripts that create workspaces, generate openclaw.json, sync 'Cross-Agent Intel' across all agents' MEMORY.md files, and run deploy.sh which scp/ssh uploads files to a VPS and restarts a Docker container. The memory_sync tool merges and writes Cross-Agent Intel blindly (no sanitization), which can propagate sensitive data across agents. The deploy step will copy files into a user-provided VPS path and restart the first container with name filter 'openclaw' — this can modify remote system state and should be run only with explicit, reviewed credentials and backups.
Install Mechanism
No install spec — instruction-only plus included scripts. There are no downloads from external URLs or package installs. This lowers installer risk; code is provided in plain text so reviewers can inspect it.
!
Credentials
Metadata declares no required env vars, but SKILL.md lists 'OpenRouter API key' and the deploy workflow requires SSH access (private key / credentials). The skill does not declare or handle these credentials itself. The deploy.sh expects an SSH key path and will use it to scp/ssh to the VPS; the scripts will therefore require credentials at runtime even though none are listed in the manifest. Also, cross-agent memory sync can cause secrets stored in MEMORY.md to be shared across agents — a proportionality/privacy concern if MEMORIES contain sensitive tokens/keys.
Persistence & Privilege
always is false and the skill does not request persistent, system-level privileges beyond using SSH to update a VPS and restarting containers. It does write to user-specified paths on the VPS (VPS_DATA) and will replace agent workspace files and utility scripts at that location; this is expected for a deployment utility but is a high-impact action.
What to consider before installing
Before installing or running this skill: (1) Review and sanitize any existing MEMORY.md content — memory_sync will merge and distribute 'Cross-Agent Intel' to every agent without filtering, which can leak secrets; (2) Confirm where openclaw.json and workspace directories will be written on your VPS, and back them up — deploy.sh overwrites files and restarts an 'openclaw' container; (3) Provide SSH credentials only to a trusted host and run deploy.sh manually after review (the skill does not declare or manage these credentials); (4) Ensure your OpenRouter API key is provisioned to the runtime in a secure place (the skill references OpenRouter in routing config but does not manage the key); (5) Test everything in a staging environment first (the default paths point at /data/.openclaw and the script restarts containers automatically). The pieces are coherent for a deployment helper, but the undeclared credential requirements and blind memory propagation justify caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vyr1qehxad6vngsvctkezs8433t8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

What This Skill Does

Guides you through deploying 3-5 specialized AI agents in OpenClaw that work as a coordinated fleet. Based on a real production setup running on a Hostinger VPS with Docker.

Included Files

FilePurpose
agent_setup.pyCreates workspace directory structure for any number of agents
routing_config.pyGenerates openclaw.json agent entries with model routing and fallbacks
memory_sync.pySyncs Cross-Agent Intel sections across all agent MEMORY.md files
deploy.shUploads workspace files to VPS and restarts the container

Step-by-Step Setup

1. Create Workspace Structure

python3 agent_setup.py --agents pat scout publisher builder --base /data/.openclaw

Creates workspace-{agent}/ with SOUL.md, MEMORY.md, drafts/, skills/, .claude/settings.json, .claudeignore.

2. Define Each Agent's Role

Edit each workspace-{agent}/SOUL.md:

  • Set the agent's mission and responsibilities
  • Define which tools it uses
  • Add hard limits and escalation rules

3. Generate Routing Config

# Preview output
python3 routing_config.py --agents main scout publisher builder

# Write directly to openclaw.json
python3 routing_config.py --agents main scout publisher builder \
  --output /data/.openclaw/openclaw.json

Configures model routing with OpenRouter fallbacks (minimax → deepseek → kimi).

4. Set Up Cron Jobs

Add to your cron/jobs.json for each agent:

{
  "name": "Agent: Daily Run",
  "agentId": "scout",
  "schedule": { "expr": "0 10 * * *" },
  "enabled": true
}

5. Deploy to VPS

bash deploy.sh --vps root@your-vps-ip --key ~/.ssh/your_key

6. Sync Agent Memory

Run nightly or manually to propagate cross-agent intelligence:

python3 memory_sync.py --base /data/.openclaw --agents pat scout publisher builder

Architecture Pattern

Coordinator (main) — always-on Telegram, approval queue, briefings
    ├── Scout       — market intel, inbound monitoring, trends
    ├── Publisher   — content drafts for Twitter/LinkedIn/video
    └── Builder     — skill development, marketplace research

Each agent has:

  • Isolated workspace with its own SOUL.md and memory
  • Separate cron schedule
  • Model routing with fallbacks via OpenRouter
  • Shared memory sync via Cross-Agent Intel

Requirements

  • OpenClaw running on a VPS (Docker)
  • OpenRouter API key (for model routing)
  • SSH access to your VPS

What Makes This Different

  • Real production patterns — not examples, this is a live setup
  • Isolation by design — each agent has its own workspace and memory
  • Fallback routing — agents keep running if a model goes down
  • Memory persistence — agents remember context across sessions and compaction

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…