ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill to Agent Converter: Convert a Skill into an OpenClaw Agent

v1.0.0

Convert OpenClaw skills into properly configured agents with correct workspace setup, binding, and orchestration. Solves common agent creation failures (thre...

0· 221·0 current·0 all-time
by@drafthead
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name and description align with the instructions: the SKILL.md describes converting skills into agent workspaces, registering them, and spawning sessions. However, the runtime docs repeatedly reference a script (scripts/skill_to_agent.js and a skill_to_agent.js module) and automation examples that are not present in the package — an inconsistency that needs clarification (either the converter expects external tooling or files are missing).
!
Instruction Scope
The instructions tell operators/agents to create directories under ~/.openclaw/agents, copy skill files into agent workspaces, write identity/memory/config files, call gateway({ action: 'config.patch' }) to modify system agent configuration, and spawn sessions via sessions_spawn. These actions are exactly what a converter must do, but they also modify system-wide configuration and give created agents runtime/tool access (sessions_spawn, read, write, web_search, etc.). The guidance to 'always set cwd' and to restart the gateway are operationally necessary but increase risk if applied to untrusted skill content.
Install Mechanism
This is an instruction-only skill with no install spec (low disk risk). That said, the documentation and examples expect a local script (skill_to_agent.js) to exist. The absence of that script in the package is inconsistent: either the tool is external or the package is incomplete. No downloadable URLs or third-party installs are present.
Credentials
The registry metadata declares no required env vars or credentials, which is proportional. The docs reference optional env vars (OPENCLAW_AGENTS_DIR, SKILL_TO_AGENT_DEBUG, DEFAULT_AGENT_RUNTIME) and show examples granting tools like sessions_spawn, web_search, read, write. Those tools are powerful; granting them to generated agents is sometimes necessary but significantly increases capability and blast radius and should be limited to trusted agents.
!
Persistence & Privilege
The skill's workflow requires registering agents in the system-wide agents.list (via gateway config.patch) and restarting the gateway. That creates persistent, autonomous agents with configured tool access and memory directories. While coherent with the converter's purpose, modifying global configuration and enabling new autonomous actors is high privilege — combining this with copying arbitrary skill contents into long-lived workspaces raises the chance of persistent abuse if sources are untrusted. The skill itself is not always:true, but its recommended actions create persistent agents.
What to consider before installing
This package is an instruction-only converter that walks you through creating agent workspaces, registering them in OpenClaw's agents.list, and spawning them. Before using it: 1) Note that the SKILL.md and examples reference a script (skill_to_agent.js) that is not included — confirm where that script comes from and inspect it before running. 2) Understand this process modifies system-wide OpenClaw configuration (gateway config.patch and restart) and creates persistent agents; back up your OpenClaw config first. 3) Audit any skill files you copy into agent workspaces — converted agents run with tools like sessions_spawn, read/write, and web_search which can be abused if the skill content is malicious. 4) Limit tool permissions for newly created agents and test conversions in an isolated environment (VM/container) before applying to production. 5) If you need higher assurance, ask the author for the missing script(s) or a signed release and review those files before running the automated steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk9775gv8cm2asqeyw7pbh9j53182mnwm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments