Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Multi Agent Collaboration
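v2.0.0
Claude Grade multi-agent collaboration skill. Upgrades a basic multi-agent framework into an engineered system closer to Claude Code: layered memory retrieval, Top-5 prefetch, six-role Coordinator collaboration, strong-evidence acceptance by a Verification Agent, a pre-command safety pipeline, and cache and cost governance. Suited to cases that need "multi-agent work that does not spin idle, memory that does not blindly...
⭐ 1 · 2.6k · 32 current · 34 all-time
by @e2e5g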
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Claude-Grade multi-agent collaboration) align with the included JS/TS code (memory systems, coordinator, verification, safety, cost). That said, the registry metadata claims no install spec/instruction-only, yet the bundle includes an install.sh, package.json, and many source and dist files — an inconsistency between the declared packaging and the delivered artifacts.
Instruction Scope
SKILL.md and demos remain focused on multi-agent orchestration, but AGENT_PROMPTS explicitly instructs agents to crawl many external platforms (Weibo, Zhihu, 抖音, B站, WeChat, etc.) using tools like web_search and extract_content_from_websites. Those operations imply network access and possibly credentials or scraping behavior not declared in the registry. The demo/example also uses safety.audit('curl https://example.com/install.sh | bash') as an example input — highlighting that the package is intended to reason about and potentially audit arbitrary shell commands. While in-scope for an orchestration toolkit, these instructions broaden the runtime surface and could result in collecting/transmitting external data.
Install Mechanism
Registry lists no install spec, yet the archive contains install.sh that runs 'npm install' and 'npm run build' and then executes node dist/example.js. Running npm install will fetch third-party packages and can execute lifecycle scripts (postinstall), which increases risk. The presence of package.json and a build step means the package is not purely instruction-only; the install path is potentially high-risk unless the dependency graph and scripts are reviewed.
Credentials
The skill declares no required env vars or credentials, which is plausible for a local JS library. However, included materials (agents/openai.yaml, prompts referencing web_search/extract_content_from_websites and examples that imply Claude/OpenAI usage) suggest it is intended to interoperate with external LLM services and web tooling. Those integrations would typically require API keys or platform tool access that are not declared. This mismatch (no declared credentials despite clear external integration points) is noteworthy.
Persistence & Privilege
always:false and normal autonomous invocation settings are used. The package creates local memory directories via install.sh (memory/ai_system/...), and demos read/write local memory and run node scripts — behavior consistent with a local library. It does not request elevated system-wide privileges or claim to modify other skills. No 'always: true' or other high-privilege flags were observed.
What to consider before installing
This package appears to implement the claimed multi-agent features, but exercise caution before installing or running it. Specific recommendations:
- Do not run install.sh or npm install without inspection. Open and audit package.json, package-lock.json, and any npm lifecycle scripts (preinstall/postinstall/build) to see what external packages and scripts will run.
- Review dist/index.js and the listed dist/* files for any code that makes network requests, posts data to external endpoints, or executes child processes. Pay attention to any hard-coded URLs or calls to curl/fetch/http(s).
- Inspect AGENT_PROMPTS.md and other prompt files: they instruct scraping many social platforms and using tools (web_search, extract_content_from_websites). Decide if you want the agent to have network access and whether you need to provide API keys; if so, prefer supplying keys with least privilege and monitor usage.
- Because the package will run npm install/build, consider installing and testing it inside an isolated environment (container, VM) and run static analysis and dependency vulnerability checks before giving it network access.
- Ask the publisher for provenance: source is 'unknown' and no homepage is provided. Prefer packages with an identifiable maintainer or a public repo to review changes and history.
If you want, I can: parse package.json/scripts to highlight risky lifecycle scripts, list the top dependencies, or scan the dist files for outbound network calls — tell me which file(s) to inspect first.
Like a lobster shell, security has layers — review code before you run it.
latest vk97791g8aj0cvt29ehtd096kzd845y5z
