Proposal Service
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears purpose-aligned, but it can directly create a real pending proposal in your local OpenClaw database using Docker/Postgres access.
Install or use this skill only in the intended OpenClaw workspace with the expected supabase-db container. Run the duplicate check before creating a proposal, confirm the hardcoded agent identity is correct, and make sure proposal text is reviewed as data rather than trusted instructions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the create command changes the OpenClaw proposal database by adding a pending proposal.
The skill runs SQL through Docker/psql and can insert a real proposal row. This is aligned with the stated purpose, but it is a direct write path into the database that users should be aware of.
    docker exec -i "$DB_CONTAINER" psql -U "$DB_USER" -d "$DB_NAME" <<SQL ... INSERT INTO public.openclaw_proposals
Use the check command first, run create only when you intend to add a proposal, and consider having a rollback or review process for created rows.

The proposal may be created with broad local database privileges and attributed to a fixed agent identity.
The script connects as the postgres database user and uses a fixed agent_id when creating proposals. This is visible in the code and purpose-aligned, but it bypasses any finer-grained, application-level permission checks.
    DB_USER="postgres" ... AGENT_ID="c61b873f-354c-431f-9dd7-f627120d576c" ... '$AGENT_ID'::uuid
Confirm that the hardcoded agent UUID is appropriate for the workspace and that Docker/Postgres access is limited to trusted users or agents.

The skill may fail or behave unexpectedly if the expected Docker container is absent or points to the wrong database.
The registry metadata declares no required binaries, but the shipped command depends on Docker and a specific local container name. This is an under-declared runtime requirement, not evidence of malicious behavior.
    docker exec -i "$DB_CONTAINER" psql -U "$DB_USER" -d "$DB_NAME"
Document Docker and the expected supabase-db container as requirements before installation or use.

Unexpected or adversarial mission titles could be carried into a proposal that another agent or user later reads.
Mission titles are copied verbatim into the persisted proposal description. If later agents read proposals as context, those titles should be treated as data rather than trusted instructions.
    COALESCE(string_agg(title, ' | ' ORDER BY created_at), '') AS titles ... 'Misiones: ' || v_titles
Sanitize or clearly quote mission titles in proposal text, and ensure downstream agents do not execute instructions found inside proposal descriptions.
