Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Colony

v1.0.0

Orchestrates multi-agent task delegation and workflows with audit logging, checkpoint approvals, and agent learning for coordinated project execution.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code and SKILL.md describe a multi-agent orchestration system (dispatch, processes, audit, agent memory) and the included JS files implement that functionality. This is coherent with the (implicit) purpose. However, the skill invokes an external 'openclaw' CLI and uses shell utilities (mv, base64, echo) even though the registry metadata lists no required binaries; that omission is an inconsistency that should have been declared.
Instruction Scope
Runtime instructions and the code perform extensive local file reads/writes under the 'colony/' tree (tasks.json, audit logs, memory files, contexts) — expected for this tool — but the worker and CLI construct and run shell commands (execSync/spawn) that call: openclaw agent, openclaw message send, base64 and other shell utilities. Some commands interpolate values derived from task metadata or config. While most inputs are safely base64-encoded before being passed to the shell, there are places (notification target, some interpolated fields) where user-configurable strings are injected into shell command lines. This creates a risk of command injection or unintended external transmission of data if untrusted input reaches those fields. The instructions do not call out or require inspection of the notification/config targets or the presence of the openclaw CLI.
Install Mechanism
No install spec is provided; this is an instruction/code-only skill. There are only source files and a package.json with a single dependency (js-yaml). Nothing is downloaded from remote URLs during install, so installation risk is low. The usual Node.js dependency install (npm install) will be required to satisfy js-yaml, but no automatic remote binary fetches are present.
Credentials
The skill declares no required environment variables or binaries, but the implementation clearly depends on an external 'openclaw' CLI and on standard shell tooling (mv, base64, echo). That mismatch is an incoherence: the skill should declare those runtime binary requirements. The skill also sends notifications via an external channel (openclaw message send) to a configured target from colony/config.yaml — the target and notification behavior could cause data to be sent externally if not configured carefully. No secrets/env vars are required by metadata, which is good, but the code will read and write local files that may contain sensitive context if you feed them such data.
Persistence & Privilege
The skill persists data only under its own 'colony/' directory (tasks, audit logs, agent memories, runs). It does not request platform-level always: true or modify other skills. It spawns background worker processes and invokes external CLIs — standard for an orchestration tool — but it does not request elevated system privileges in the manifest.
What to consider before installing
This skill is a full local CLI for running multi-agent workflows and generally matches its stated purpose, but please review these before installing or running:

- Required binaries: The code expects an 'openclaw' CLI and uses shell utilities (mv, base64, echo). The manifest did not declare these — ensure you have a trustworthy openclaw binary and understand what it will do.
- Notifications: The CLI can send messages via openclaw message send to a configured target (colony/config.yaml). Check that config and set notifications.target to a safe value (or disable notifications) to avoid accidental data leakage.
- File writes: The skill creates and updates many files under the 'colony/' directory (tasks.json, audit logs, memory files, context). Do not run it in a directory containing sensitive files you don't want the tool to read or modify.
- Shell command usage: Multiple scripts build shell commands with interpolated values. If you plan to feed untrusted task descriptions or modify config files, do so in an isolated environment (VM/container) because of potential command-injection risks.
- Recommended actions before use: inspect colony/config.yaml and colony/agents.yaml, run the code in a sandbox, verify the openclaw binary you will use, and consider adjusting notification settings. If you need higher assurance, request the author to declare required binaries and to avoid constructing shell commands with unescaped, user-provided content.

Overall: functionally coherent with its purpose, but the missing declared runtime dependencies and the use of shell-executed external CLI calls merit caution — treat this skill as suspicious until you validate those points.

Like a lobster shell, security has layers — review code before you run it.
