Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Synapse Brain
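v2.0.1
Synapse Brain — OpenClaw persistent scheduling agent. Built on the Managed Agents architecture, it provides cross-session task management, sub-agent dispatch, state persistence, and knowledge interoperability. It is the scheduling core of synapse-code and synapse-wiki. When the user mentions task scheduling, cross-session management, multi-agent...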
⭐ 0· 76·1 current·1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (persistent orchestrator for synapse-code/synapse-wiki) align with the provided Python scripts and README. Required binary (python3) is appropriate and there are no unrelated credential or external-service requirements in the manifest.
Instruction Scope
Runtime instructions and scripts operate on local session state (state.json) in ~/.openclaw/brain-state, which matches the declared purpose. However: (1) state files are created/overwritten based directly on the provided 'project' string (no sanitization) — a crafted project name could cause path traversal or write files outside the intended directory; (2) archive() logic compares updated_at < now() in a way that will effectively archive completed tasks immediately (logic bug); (3) SKILL.md describes dispatching to other skills, but the scripts do not perform network calls — orchestrator behavior depends on platform-level invocation which the code does not enforce, so the actual runtime interactions depend on the OpenClaw environment.
Install Mechanism
No remote downloads or external installers; install.sh copies local files into ~/.openclaw/skills and creates ~/.openclaw/brain-state. That is low network risk. But the installer unconditionally removes any pre-existing skill directory (rm -rf $SKILL_DEST) even when FORCE is not provided — this is destructive and may silently overwrite or remove local changes. install.sh otherwise uses standard tools (rsync, mkdir).
Credentials
The skill declares no required environment variables or secrets. The code references an optional model env name in a comment (SYNPASE_ROUTER_MODEL) but does not require it. No keys/tokens are requested or embedded.
Persistence & Privilege
Skill persists state under ~/.openclaw/brain-state and installs files under ~/.openclaw/skills; it does not declare always:true and does not modify other skills' configs. Persistence is expected for this purpose, but the write behavior combined with unsanitized project names increases local file-write risk. Autonomous invocation is allowed by default (platform behavior) but not a unique red flag here.
What to consider before installing
This skill appears to implement the described local orchestrator, but review before running:
1) Inspect and run install.sh with --dry-run first (./install.sh --dry-run) — the installer will remove any existing ~/.openclaw/skills/synapse-brain directory (rm -rf) and overwrite files.
2) Don't run the installer as a privileged user; run as your normal account.
3) Avoid passing untrusted strings as project names — state files are created using the raw project name and could allow path traversal or writing outside ~/.openclaw/brain-state.
4) Expect some logic bugs (archive behavior); consider reviewing state_manager.archive and other functions before relying on them.
5) The code does not call external endpoints or require secrets, but orchestration with synapse-code/synapse-wiki depends on your OpenClaw environment — verify how those skill invocations are implemented in your agent before integrating.
If you plan to use it, prefer manual installation (copy files yourself) or back up ~/.openclaw/skills and ~/.openclaw/brain-state first.
Like a lobster shell, security has layers — review code before you run it.
latest: vk974xpxs37496sgg5tabvn859984kw25
Runtime requirements
🧬 Clawdis
Bins: python3
