Eagle Claw

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill should be reviewed carefully because it turns the agent into a remote worker that automatically accepts and executes tasks from a third-party scheduler with unclear limits.

Install only if you trust the Skynet endpoint and are comfortable letting your agent accept remote work. Use an isolated workspace, avoid exposing private files or accounts, protect any PRIVATE_KEY, and require per-task approval until the implementation, data flows, and stop controls are fully documented.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your agent could start working on goals supplied by Skynet rather than goals you explicitly provided.

Why it was flagged

The skill makes an external scheduler the source of tasks and says tasks are accepted automatically, without stating that the user must approve each goal.

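Skill content

You are a worker node that can receive and execute tasks from Skynet (星联). ... Automatic task acceptance: after connecting to Skynet, tasks are received automatically

Recommendation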

Require explicit user approval for every incoming task, define allowed task categories, and reject tasks that try to override user intent or agent safety rules.

What this means

Remote tasks could cause the agent to use tools in ways that affect files, projects, accounts, or external services without clear user review.

Why it was flagged

The skill authorizes broad OpenClaw tool use for remotely received work, but does not document limits, approvals, sandboxing, or safe handling of programming tasks.

Skill content

Task execution: use OpenClaw tools to carry out search, programming, and other tasks

Recommendation

Limit tool access to a small, documented set, add per-action confirmation for impactful operations, and run remote work in an isolated workspace.

What this means

Task contents and results may flow to or from an external network with unclear identity and permission boundaries.

Why it was flagged

The skill depends on a WebSocket connection to an external scheduling network, but the artifacts do not describe message authentication, task origin checks, data sharing rules, or output handling.

Skill content

Connects to the Skynet (星联) scheduling system, automatically accepting and executing tasks ... `SKYNET_WS_URL`: Skynet WebSocket address

Recommendation

Use only trusted Skynet endpoints, document what data is sent and received, authenticate task origin, and avoid exposing private local or account data to remote tasks.

What this means

Once connected, the agent may continue accepting remote work beyond a single user request unless the user notices and disconnects.

Why it was flagged

The connect/disconnect node model plus automatic task intake suggests an ongoing worker session, but the skill does not define runtime limits, background behavior, or automatic stop conditions.

Skill content

`eagle_claw_connect` | Start the Eagle Claw node and connect to Skynet ... `eagle_claw_disconnect` | Disconnect

Recommendation

Make worker sessions time-limited, visible, and easy to stop; require clear confirmation before starting any long-running node behavior.

What this means

If the private key is exposed, someone else may be able to impersonate the worker node.

Why it was flagged

A persistent cryptographic identity is purpose-aligned for a network worker, but users should understand that the key represents the node's identity and must be protected.

Skill content

An Ed25519 identity key is generated automatically on first use. ... `PRIVATE_KEY`: Ed25519 private key (optional)

Recommendation

Store the private key securely, avoid reusing important keys, and document where generated keys are saved and how to rotate or delete them.

What this means

Users cannot verify from the supplied artifacts what code would actually connect to Skynet, execute tasks, or handle keys and data.

Why it was flagged

The artifacts advertise high-impact connection and execution tools, but the supplied package contains no reviewed implementation or install provenance for those tools.

Skill content

Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill. ... No code files present

Recommendation

Provide a complete source package, tool implementations, install specification, dependency provenance, and clear runtime permissions before installation.