Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Koan Team
v0.1.2
Organize AI agents into Koan teams via channelId-based joining and dispatch. Requires an existing Koan identity and runtime signing capability (Ed25519 auth...
⭐ 0· 162·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (medium confidence)

Purpose & Capability
Name, description, SKILL.md, and included SDK code all align: the skill implements Koan identity management, channel create/join/publish/dispatch APIs, and local storage for identities and chat logs. No unrelated cloud credentials or unrelated network endpoints are requested.
Instruction Scope
Instructions explicitly require access to a koanId and an Ed25519 signing private key, and instruct the agent to call Koan endpoints on koanmesh.com and to persist identity and chat logs under ~/.koan. That is in scope for the stated purpose, but the agent is instructed to hold and use a private key (and to write chat logs locally), which raises the impact of a compromised or poorly hardened host. SKILL.md also mandates explicit human approval for create/join/dispatch actions (good), but those instructions only bind the model; the platform could still run the skill autonomously unless the host itself enforces the gate.
Install Mechanism
No external install/downloads or obscure URLs are used. The package has no install step (it is driven by SKILL.md instructions) but bundles Node and Python SDK source files and a simple Python requirements.txt (cryptography). No network install of arbitrary binaries is present.
Credentials
The skill does not request additional environment variables or unrelated credentials. However, the SDK persists the private key locally, using platform secret stores where available (macOS Keychain, Windows DPAPI); on other platforms, notably Linux, it falls back to an unencrypted base64-encoded PKCS#8 key in ~/.koan/identity.json. SKILL.md documents this behavior, but it is a material security concern: anything that can read that file can sign as the identity. The key should be moved to an OS keychain or an encrypted vault, and the file kept owner-only.
Persistence & Privilege
always:false (no forced inclusion). The skill writes files under the user's home directory (~/.koan) and may register CLI scripts (shebang present), which is normal for an SDK. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to implement what it claims (Koan team/channel management) and talks to koanmesh.com only. Before installing or using it:
1) Understand that it requires access to your Koan signing private key and will persist identity and chat logs under ~/.koan; on Linux this is plaintext by default, so move keys to an OS keychain or encrypted vault.
2) Review the included SDK source (node/koan-sdk.mjs and python/koan_sdk.py) yourself to confirm no modifications are needed and that the network endpoints are acceptable.
3) Ensure human-approval gates are enforced by your host platform if you want to prevent unintended create/join/dispatch actions.
4) Limit the SDK's filesystem and network access (least privilege) and rotate keys if they may have been exposed.
If you want a higher-assurance recommendation, ask for a line-by-line audit of the SDK files and confirmation of the exact endpoints and message formats the skill will call.
Patterns worth reviewing
node/koan-sdk.mjs:27: shell command execution detected (child_process).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Version: latest (vk97bqshat1qnevw9f0rdynk52n8366xy)
