Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Durable Agents

v1.0.0

Build autonomous multi-agent pipelines with Mastra (agents only) and Trigger.dev (all workflows and tasks). Use when creating AI agents, designing multi-stag...

by Zeeshan Ahmad @ainakwalamonk
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The described goal (building Mastra + Trigger.dev pipelines) can legitimately require starting local Docker services, configuring Trigger.dev, and wiring an LLM gateway. However, the skill metadata declares no required env vars or credentials even though the runtime instructions explicitly search for and write AI credentials, Trigger secrets, and CLI PATs — a mismatch between claim and actual needs.
Instruction Scope
The SKILL.md / setupSkill.md direct a full, non-interactive setup: scanning project directories and running docker inspect, reading/writing .env, querying Postgres via docker exec, and editing ~/Library/Preferences/trigger/default.json. It also enforces 'Never stop for user input' and 'find the solution independently' rules, which grant broad discretion to probe the host filesystem and services. Those steps go beyond typical guidance and can expose or overwrite secrets and user config.
Install Mechanism
No install spec or remote downloads are included (instruction-only skill), which reduces supply-chain risk. The primary risk comes from the actions the instructions ask the operator/agent to perform, not from any packaged installer.
Credentials
Although the registry metadata lists no required env vars or credentials, the setup instructs obtaining AI_BASE_URL, AI_API_KEY, MODEL_ID, TRIGGER_SECRET_KEY, TRIGGER_ACCESS_TOKEN and possibly DB access. Asking the runtime to discover these values in other projects/containers and to write them into .env or system files is disproportionate to what's declared and increases the chance of secret exposure or accidental overwrite.
Persistence & Privilege
The setup explicitly edits local config files (e.g., .env, trigger.config.ts, and ~/Library/Preferences/trigger/default.json), inserts tokens into the DB, and generates encrypted PATs using a hard-coded ENCRYPTION_KEY in the recovery instructions. While these changes may be needed for local self-hosting, they are privileged and should be performed with explicit user consent and review — not by a non-interactive process.
What to consider before installing
This skill contains a one-time setup guide that will search your filesystem and Docker containers for credentials, write to .env and to the Trigger CLI config, run database queries inside Docker, and even generate and insert PATs. Before running anything or letting an agent execute these steps:
(1) Review the repository it clones (git clone https://github.com/ainakwalamonk/durableclaw.git) and every script (./setup.sh, init scripts) manually.
(2) Back up any files that may be modified (your .env, trigger config, and Trigger CLI prefs).
(3) Prefer running the setup interactively in an isolated VM/container rather than on a production host.
(4) Ask the author why required credentials are not declared in metadata and why the setup insists on 'never stop for user input'.
(5) Disable autonomous invocation for this skill or require explicit human approval before it runs any system-modifying steps.
If you want, I can list the exact files and commands in the setup to review line-by-line.
