Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Venture Spawner

v1.0.0

Instant agent hiring. Takes job postings from the orchestrator and fills them with properly configured sub-agents. Handles context passing, timeout enforceme...

by KairoKid @dodge1218
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The name/description (spawn sub-agents, enforce timeouts, pass context) align with the instructions. However several bucket-specific requirements (e.g., "Include SSH commands for droplet", "Ryan's resume", "Relevant skill files, OpenClaw docs") are not justified by the manifest (no env, no config paths) and imply access to SSH credentials, a named individual's private file, and other skills' internals. Those items are disproportionate to a generic spawner unless the orchestrator explicitly provides controlled access.
! Instruction Scope
SKILL.md tells the agent to read workspace/JOB_BOARD.md and to assemble/paste relevant file contents into spawned-agent tasks. It explicitly allows passing 'Relevant skill files' and full file references, and asks for SSH commands to be included for some buckets. That grants broad discretion to include files (potentially secrets) in task payloads and to instruct sub-agents to perform network/SSH actions — scope creep from a simple orchestrator role unless the platform enforces strict file/secret filtering.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill package itself.
! Credentials
The skill declares no environment variables or credentials, yet the guidance implicitly expects access to potentially sensitive material (SSH commands/keys, 'Ryan's resume', other skill files). That mismatch (no explicit credential requirements but clear need/encouragement to use sensitive data) is a red flag: who provides SSH keys and personal files, and how are they protected/filtered before being passed to child agents?
Persistence & Privilege
The skill does not request always:true and does not install persistent components. However it is allowed to invoke autonomously (default), so combined with the instruction to spawn and pass arbitrary context, autonomous invocation increases blast radius—particularly for buckets that ask to include other skills or SSH commands. This is noteworthy but not decisive on its own.
What to consider before installing
This skill appears to implement an agent-spawning orchestration flow but contains several items that could expose secrets or sensitive files if not constrained. Before installing, confirm: (1) where JOB_BOARD.md and referenced files live and who can write them; (2) that the platform enforces strict allowlists/deny-lists so spawned tasks cannot receive .env contents, private keys, or personal files unless explicitly authorized; (3) whether 'Include SSH commands for droplet' implies access to SSH private keys — if so, deny or centralize SSH access rather than embedding keys in tasks; (4) how access to other skills' files and OpenClaw docs is controlled; and (5) add explicit sanitization rules in the orchestrator (strip credentials, redact secrets, require user confirmation before spawning buckets that reference named personal files). If you proceed, limit which buckets can spawn agents, require explicit approval for any job that references SSH or named personal data, and monitor spawned-agent activity and logs for unexpected outbound connections or file accesses.

latestvk970r1j2q61shte4jv6v3pe2q183zcw4
