ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sub Agent Factory

v1.1.0

Rapidly spawn and configure specialized sub-agents. Includes templates for Research, Coding, and Analysis agents. Automates workspace setup and instruction d...

0· 1k·7 current·8 all-time
by@balkanblbn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (spawn/configure sub-agents) match the actual artifacts: a short shell script that creates agent folders and a SKILL.md for each agent. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md instructions are narrowly scoped (define mission, choose template, run scripts/create_agent.sh, configure inbox/outbox). The included script only creates local directories and writes a simple SKILL.md; it does not read system files, environment secrets, or contact external endpoints.
Install Mechanism
No install spec and only a tiny shell script are included. Nothing is downloaded or extracted from external URLs and nothing is written outside the agent's working directories (agents/<name>).
Credentials
The skill requests no environment variables or credentials, and the script only uses its positional parameters. There are no disproportionate or unexplained secret requests.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent configuration. It creates agent-specific directories under agents/, which is a limited and expected level of persistence.
Assessment
This skill is small and appears coherent, but take basic precautions: run it in a dedicated workspace to avoid cluttering other projects, inspect any generated agents' SKILL.md before enabling them, and avoid placing sensitive credentials into the agents' inbox/outbox. Autonomous agent invocation is allowed by platform default — be careful what tasks you give spawned sub-agents (they may read/write files within the agents/<name> folders and could be instructed to perform network actions if their SKILL.md or runtime instructions are expanded later).

Like a lobster shell, security has layers — review code before you run it.

latestvk973sd5en8fphe9ypwxazar7zs820vjx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments