Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nanobot Overstory Bridge
v1.1.0
Seamless bidirectional bridge between nanobot (Ollama Mistral orchestrator) and overstory (Claude Code agent swarm). Routes tasks through the OverClaw gatewa...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (a bridge between nanobot and overstory) is consistent with the included Python modules (task routing, session mapping, memory sync, an overstory CLI wrapper and gateway tooling). However the registry metadata claims no required env vars or config paths while the SKILL.md and the code expect environment variables and local resources (OVERSTORY_BIN, NANOBOT_GATEWAY_URL, workspace paths, etc.). That mismatch between declared requirements and actual runtime needs is an incoherence to be aware of.
Instruction Scope
The SKILL.md and code instruct the agent to read and write workspace files (MEMORY.md, .overclaw UI settings, .overstory/gateway-context.md), scan skills directories and skill metadata, read possible user config files (~/.nanobot/config.json), and (via gateway_tools/find_skill_script + exec path) discover and execute arbitrary scripts in the skills directory. Those actions go beyond simple message routing and give downstream agents the ability to inspect local configs and run local scripts — a significant scope expansion that could be abused to access secrets or execute arbitrary code.
Install Mechanism
No remote install/downloads are present (instruction-only install spec). The package contains Python scripts only; there are no brew/npm downloads or extraction-from-URL steps. Risk from install mechanism itself is low. Note: the code will run on the host and perform filesystem and subprocess actions when invoked.
Credentials
Although the registry lists no required environment variables, the code relies on several environment variables (NANOBOT_GATEWAY_URL, NANOBOT_WORKSPACE, NANOBOT_SKILLS_DIR, OVERSTORY_BIN, SESSION_BRIDGE_DB, NANOBOT_MEMORY_PATH, etc.). The code reads home/workspace config files (like ~/.nanobot/config.json) and MEMORY.md which may contain sensitive data. The skill does not request cloud API keys etc., but it does access local config files and can execute other skill scripts — that access is broad relative to a simple routing bridge and could expose secrets or allow lateral actions.
Persistence & Privilege
The skill is not force-included (always:false). It permits autonomous invocation (default behavior). It writes/updates local files under the workspace (UI settings, gateway-context.md, MEMORY.md entries) and creates project folders and a SQLite DB for session mappings; these behaviors are expected for a bridge but do give it persistent local state and the ability to alter workspace files. Combined with the ability to execute scripts in the skills dir, this persistence increases the blast radius if the skill or invoked agents are untrusted.
What to consider before installing
- This skill contains multiple scripts that read/write files in your home/workspace (MEMORY.md, ~/.nanobot/config.json, UI settings, session_bridge.db) and can discover and execute Python scripts from the skills directory. That means agents routed through this bridge could read local config files and run local code.
- The registry metadata claims no required env vars, but the code expects several (OVERSTORY_BIN, NANOBOT_* paths). That mismatch is a red flag — verify and explicitly set safe paths before use.
- If you keep secrets (API keys, tokens) in workspace files or ~/.nanobot/config.json or in MEMORY.md, consider them at risk. Avoid storing credentials in those files or run the bridge in an isolated environment.
- Before installing: review the implementation of exec_skill / any code that launches subprocesses (not fully shown in the truncated file) to confirm whether scripts are executed safely (sandboxed, path-checked) or run arbitrary commands.
- Mitigations: run this bridge inside a sandboxed VM or container, restrict NANOBOT_WORKSPACE and NANOBOT_SKILLS_DIR to a controlled directory with limited contents, do not expose credentials in the workspace, and restrict OVERSTORY_BIN to a trusted binary. Prefer installing only if you trust the overstory agents and the skill author (this package lists author 'ghost' and no homepage/source — lack of provenance increases risk).
- Additional information that would change this assessment: a trustworthy source/homepage and clear provenance; a registry manifest that declares required env vars and permissions; or confirmation that exec_skill implements strict sandboxing/safety checks. If exec_skill is safe and the runtime is properly sandboxed, this would lower concern; if exec_skill runs arbitrary subprocesses with untrusted input, the risk would be higher.
Like a lobster shell, security has layers — review code before you run it.
