Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Agent Creator

v1.0.0

Create new OpenClaw agents for Arch's multi-agent system. Use this skill when asked to create, add, or set up a new OpenClaw agent, or when adding an agent to the system defined in ~/.openclaw/. Covers the full lifecycle: directory creation, workspace files (SOUL.md, IDENTITY.md, etc.), openclaw.json config, Telegram routing (bindings + groups + mention patterns), cron job creation with proper prompt engineering, and gateway restart. Includes hard-won lessons from building the Wire (News) agent — the first non-default agent in the system. Also use when modifying existing agent configs, adding cron jobs to agents, or debugging agent routing issues.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name/description (create and configure OpenClaw agents in ~/.openclaw/) aligns with the actions described in SKILL.md (create dirs, edit openclaw.json, create cron jobs, restart gateway). However, the manifest lists no required binaries or tools even though the instructions assume availability of the openclaw CLI and utilities like jq and standard shell tools (cp, mkdir). This is an implementation omission that can cause failures or hide additional implicit requirements.
Instruction Scope
SKILL.md instructs the agent to stop/start the gateway, edit ~/.openclaw/openclaw.json, create workspace directories and files, and author cron job prompts that run shell substitutions and use jq to resolve Telegram group IDs. These operations are within the skill's scope, but the docs also tell agents (in AGENTS.md) 'Don't ask permission. Just do it.' and instruct agents to read workspace memory files (memory/YYYY-MM-DD.md, MEMORY.md). That encourages autonomous modification of system config and reading potentially sensitive local data. The combination — automated edits to config + reading workspace memory files that may contain secrets + explicit advice to act without asking — is a notable scope creep/risk for users who expect manual confirmation.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. That's the lowest-risk install mechanism. The only concern is the mismatch between the instructions' implicit tool requirements (openclaw, jq, shell utilities) and the manifest's 'required binaries: none.'
Credentials
The skill requests no environment variables, no credentials, and no config paths in its manifest. The runtime instructions operate on user-local OpenClaw files under ~/.openclaw/, which is proportional to the stated purpose. No unrelated external credentials or remote endpoints are requested.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. It does, however, instruct the agent to perform privileged-seeming actions within the user's OpenClaw installation (editing openclaw.json, stopping/starting the gateway, creating cron jobs). Because the skill's text encourages 'just do it' behavior, consider the risk if the skill is invoked autonomously by the agent without interactive confirmation.
What to consider before installing
This skill appears to do what it says (create and configure OpenClaw agents), but review a few things before installing or running it:

- Verify tool availability: the instructions assume the openclaw CLI and jq (and a POSIX shell) are present. The manifest lists no required binaries — make sure those tools exist on your system or the scripts/prompts will fail.
- Review and limit autonomy: AGENTS.md contains the phrase 'Don't ask permission. Just do it.' If you don't want the agent making config changes or restarting the gateway without confirmation, require human approval before executing any stop/start, file edits, or cron creation steps.
- Inspect workspace files for secrets: the skill instructs agents to read memory and workspace files (memory/YYYY-MM-DD.md, MEMORY.md). Those could contain sensitive information. Clean or audit those files before letting an automated flow read them, or add explicit rules to avoid reading secrets.
- Back up before changing config: the skill advises backups; follow that. Ensure you have a good backup and/or test in a non-production environment first.
- Cron prompts and shell substitution: cron prompt patterns include shell substitutions and instructions to run jq at runtime. Understand how those prompts will be stored and executed, and confirm they can't be abused to run unintended commands.

If you accept those caveats and confirm the required CLI tools are present, the skill is reasonably coherent for its purpose. If you are unsure about autonomous edits or exposing local memory files, treat the skill as potentially risky and restrict its use to manual, guided runs only.

Like a lobster shell, security has layers — review code before you run it.

