ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Loops

v2.1.0

Multi-agent workflow orchestrator. Use when the user asks to build, create, make, ship, develop, or launch any software (apps, webapps, websites, mobile apps...

0· 278·2 current·2 all-time
by@austindixson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to orchestrate agent workflows and the included script implements that by invoking a 'claude' CLI and an optional agent-swarm router. However, registry metadata declares no required binaries or env vars even though the README and run_workflow.py require the 'claude' CLI in PATH and read OPENCLAW_HOME. The omission of these runtime dependencies in metadata is an incoherence the user should notice.
Instruction Scope
SKILL.md instructs running the included Python script which will spawn subprocesses (claude CLI) to execute tasks, chain outputs, and (per README) persist runs to a runs/ directory. The instructions do not attempt to read unrelated system files, but they do cause data to be sent to whatever backend the 'claude' CLI uses and they will save run output locally.
Install Mechanism
No install spec is provided (instruction-plus-code only). This reduces supply-chain risk from remote downloads. The repository does include requirements.txt recommending PyYAML; SKILL.md suggests pip install pyyaml.
!
Credentials
The skill declares no required environment variables or credentials but the code reads OPENCLAW_HOME (defaulting to ~/.openclaw) and passes the full environment to subprocesses. It relies implicitly on a configured 'claude' CLI (which may itself require credentials). The lack of declared env/binary requirements is disproportionate and hides important runtime assumptions.
Persistence & Privilege
The script persists live-run data to OPENCLAW_HOME/.../runs (per README and RUNS_DIR in code). always:false and it does not request elevated privileges or modify other skills. Persisting user inputs/outputs locally is normal for tooling but should be noted since sensitive inputs will be saved by default.
What to consider before installing
What to check before installing/using: - Expect the script to call the 'claude' CLI (claude -p). If you don't have or want that CLI, do not run --apply. The CLI will send task text to its backend (so anything you pass may be transmitted externally). - The metadata omits this requirement; manually verify you have 'claude' in PATH and understand its authentication and privacy model. - The script reads OPENCLAW_HOME (defaults to ~/.openclaw) and will write run records to OPENCLAW_HOME/workspace/skills/agent-loops/runs — inspect that directory and its contents; avoid passing secrets in requests if you don't want them stored or transmitted. - If an agent-swarm router script exists at OPENCLAW_HOME/workspace/skills/agent-swarm/scripts/router.py, this skill will execute it (subprocess). Audit that local router script before running to avoid executing untrusted local code. - If you want to be cautious: run the script in dry-run mode (omit --apply) to see planned steps, review run_workflow.py and workflows, and run in an isolated environment or sandbox before giving it real project data. - The inconsistencies (missing declared binary/env requirements) likely indicate sloppy metadata, not necessarily malicious intent, but you should inspect and confirm the runtime behavior matches your security/privacy needs.

Like a lobster shell, security has layers — review code before you run it.

latestvk973aq05n7c3tqbj9ff8jkv92582hzny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments