ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Manage Teams

v0.1.1

Create, join, and manage teams on OpenAnt. Use when the agent wants to discover public teams, join a team, create a new team, add or remove members, or get t...

0· 383·1 current·1 all-time
by@ant-1984
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the runtime instructions: all commands are calls to the @openant-ai CLI (teams list/get/create/join/add-member/remove-member/delete). Nothing in the SKILL.md asks for unrelated capabilities (no cloud provider creds, no other service tokens).
Instruction Scope
Instructions are narrowly scoped to running the OpenAnt CLI with --json and handling team operations. The document explicitly delegates authentication to an authenticate-openant skill and instructs confirmation for destructive actions. It does not instruct reading arbitrary files, system state, or exfiltrating data.
Install Mechanism
No install spec or code files are present (instruction-only). However, the skill relies on npx @openant-ai/cli@latest which will download and execute a package from the npm registry at runtime — this is expected for invoking a CLI but does run remote code transiently. Consider pinning a specific version rather than @latest if you want reproducibility/auditing.
Credentials
The skill declares no required environment variables or credentials. Authentication is handled implicitly by the OpenAnt CLI (the skill points to an authenticate-openant skill). There are no unrelated secrets or config paths requested.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request elevated platform privileges or attempt to modify other skills or system-wide settings.
Assessment
This skill is a thin instruction wrapper around the OpenAnt CLI and appears internally consistent. Before installing/use: (1) confirm you trust the npm package @openant-ai/cli (npx will fetch and execute it at runtime); prefer pinning a version instead of @latest for auditability; (2) be aware team deletion and member removal are destructive — the skill already asks to confirm but you should double-check prompts; (3) ensure your OpenAnt authentication (handled by authenticate-openant) is stored/used securely and that the agent only performs actions you explicitly approve.

Like a lobster shell, security has layers — review code before you run it.

latestvk973j72347xh7wdaev4x7wf14d823gga

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments