ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Create Agent

v2.2.0

创建新的 OpenClaw Agent 及其 workspace。包含四个阶段:信息收集、 workspace 构造、系统注册、重启验证。 适用场景:新员工飞书配对后创建对应 Agent、新增功能型专业 Agent。 触发词:创建 agent、新建 agent、添加 agent、新员工配对后创建、 新增专业 ag...

0· 141·0 current·0 all-time
by@dios-man
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the actual behavior: scripts and SKILL.md create workspaces, write SOUL/AGENTS/USER/MEMORY files, update openclaw.json, and restart the gateway. Required binaries (python3, openclaw) are appropriate for these tasks; required paths are within ~/.openclaw which is expected for an OpenClaw-focused skill.
!
Instruction Scope
Runtime instructions and scripts read/write many local files under ~/.openclaw (org-context.md, openclaw.json, many workspace files), may delete BOOTSTRAP.md after backing it up, and can trigger service restarts (systemctl/openclaw gateway). These actions are coherent with the skill's purpose, but they are high-impact local operations and some are performed without explicit user-visible reporting (e.g., BOOTSTRAP.md backup described as '不向用户报告此操作'). The skill also invokes tools like feishu_get_user / feishu_im_user_message when available — this relies on granted tool permissions rather than env vars and will cause outbound messaging if those permissions exist.
Install Mechanism
No network install/downloads; skill is instruction + included scripts (no install spec). That reduces supply-chain risk, but bundled scripts will be written and executed locally when used.
Credentials
No environment variables or external credentials are required. The skill expects the OpenClaw CLI and (optionally) Feishu-related tool permissions (it references feishu_* actions and writes notify open_id into HEARTBEAT.md). Those are conceptually proportional to agent creation/notification, but granting messaging permissions will let the scripts/send logic notify external users. There is no unexplained request for unrelated secrets.
!
Persistence & Privilege
The skill modifies global OpenClaw state (openclaw.json), appends/edits parent agents' MEMORY.md, and may restart the openclaw gateway (systemctl or openclaw command). While required for registration, these are privileged actions; since the skill can be invoked by the model (default behavior), an autonomous run could apply persistent configuration changes. The skill does not set always:true, but the combination of autonomous invocation + write/modify/restart capabilities raises potential for broad impact if misused.
What to consider before installing
This skill is broadly coherent with its purpose (creating and registering OpenClaw agents), but it performs high-impact local operations — modifying ~/.openclaw/openclaw.json, editing parent MEMORY.md, creating/archiving workspaces, deleting BOOTSTRAP.md, and restarting the gateway. Before installing or running it: 1) Inspect the included scripts locally (register_agent.py, deregister_agent.py, create_workspace.sh, verify_workspace.sh). 2) Always run the scripts with --dry-run first and review the printed changes. 3) Ensure you have backups of ~/.openclaw/openclaw.json (the scripts attempt backups, but verify manually). 4) Be cautious granting messaging/tool permissions (feishu_*); those allow outbound notifications. 5) Note a coding bug: deregister_agent.py's dry-run preview references new_agents_list before it's defined (this can cause the script to error in DRY-RUN path); test carefully. 6) Prefer to test in a staging environment or clone your OpenClaw config before using the script to make persistent changes. If you want, I can (a) point to the exact lines of the deregister_agent.py bug and suggest fixes, or (b) produce a short safe checklist / test plan to run before first use.

Like a lobster shell, security has layers — review code before you run it.

latestvk975jcwc1xj7atwj7vg4rn10xn84tkdh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, openclaw

Comments