OpenClaw Agent Creator
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly aligned with creating OpenClaw agents, but it can copy existing authentication, change global agent permissions, and seed new agents with persistent personal context from the template author.
Only use this skill after reviewing the exact openclaw.json changes. Do not copy the main agent's auth.json unless you intentionally want the new agent to have the same credentials. Replace the MEMORY.md template contents with your own neutral/user-approved context before running the new agent, and back up OpenClaw configuration before editing it.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A newly created agent could inherit the main agent's account/API access or store third-party bot credentials in a shared configuration file.
The skill tells the agent to create auth.json by optionally copying the main agent's authentication config, and it can also store a Feishu app secret in OpenClaw configuration. The credential scope and approval boundary are not clearly defined.
| **auth.json** | Authentication config (empty object `{}` or copied from the main agent) | ... **appSecret**: Feishu app secret ... "appSecret": "{appSecret}"
Default to an empty auth.json, require explicit user confirmation before copying credentials, document exactly which credentials and scopes are being granted, and prefer least-privilege per-agent secrets.
A mistaken or overbroad edit could change how OpenClaw routes messages, which agents can communicate, or which external channel receives the new agent.
The skill instructs changes to the global OpenClaw runtime configuration that register a new agent, authorize agent-to-agent access, and optionally bind external channels, but it does not require a diff, backup, confirmation, or undo path.
Modify `~/.openclaw/openclaw.json` ... **agents.list** — add the new agent ... **agentToAgent.allow** — add the agentId to the list ... **Optional: bindings + channels**
Before editing openclaw.json, show the exact diff, ask for confirmation, make a backup, add only the requested permissions, and provide rollback instructions.
New agents may act as if the template author's personal context belongs to the current user, leading to incorrect behavior or unintended disclosure of copied personal details.
The persistent memory template contains specific personal, location, and project context rather than neutral placeholders. Because SKILL.md instructs copying MEMORY.md into each new workspace, new agents may load and trust this context.
- **Location**: near Shanghai Century Park ... | **AxelHu** | System owner, user | ... | **OpenClaw Multi-Agent** | Active, studio daily operations |
Replace personal/project-specific memory entries with placeholders, require the current user to populate memory deliberately, and clearly label any examples as non-authoritative sample data.
The new agent may be able to exchange context or messages with other OpenClaw agents if OpenClaw uses this allow list for communication.
The skill intentionally enables the new agent for agent-to-agent communication. This is related to the stated purpose, but it changes data-sharing boundaries between agents.
**agentToAgent.allow** — add the agentId to the list
Enable inter-agent access only when needed, document what data may be shared, and periodically review the allow list.
