ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dispatchi (Ralph Loop)

v0.1.1

Launch non-blocking interactive Claude Code tasks for slash-only plugins like ralph-loop. Use when a task needs interactive slash commands and completion cal...

0· 399·1 current·1 all-time
byXi ErDe@edxi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (launch interactive Claude Code tasks for slash-only plugins) matches what the scripts do: spawn Claude CLI sessions in tmux, capture output, and manage runs. Included files (a wrapper and shell launcher) are coherent with the stated purpose.
Instruction Scope
SKILL.md simply delegates to scripts/run_dispatchi.sh, and that script limits env file parsing to an allowlist, writes results to per-run directories, and launches tmux + a local claude CLI. The runtime does not attempt to read arbitrary files or source env files, but it does expect/require runtime binaries (tmux, jq, python3, sha1sum, claude, etc.) that are not declared in the skill metadata. The script can also enable callbacks (ENABLE_CALLBACK=1), which would cause external network interactions when explicitly enabled.
Install Mechanism
No install spec (instruction-only with bundled scripts) — nothing is downloaded at runtime and code is bundled with the skill. This is a low install-risk pattern.
!
Credentials
The skill declares no required env vars, but the script reads a local env file (allowlisted keys only) and exports variables such as OPENCLAW_CONFIG, OPENCLAW_TELEGRAM_ACCOUNT, and CLAUDE_CODE_BIN. Some of these (e.g., OPENCLAW_CONFIG) may point to files containing sensitive tokens; callbacks are disabled by default but can be enabled via ENABLE_CALLBACK=1, which would allow network interactions (e.g., Telegram group) if configured. The presence of many optional but potentially sensitive env keys is disproportionate unless you intend to integrate OpenClaw/Telegram/claude on that host.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and runs as a transient tmux session. It writes run outputs and logs under configurable result/log directories (defaults are user-home paths), which is expected behavior for this utility.
What to consider before installing
This skill appears to do what it says (start interactive Claude Code sessions in tmux), but check these before installing: - Verify required runtime binaries are present: python3, tmux, jq, sha1sum (coreutils), and the claude CLI at CLAUDE_CODE_BIN. The metadata did not list these, so the script may fail if they are missing. - Inspect any dispatch.env.local you provide — the loader exports allowlisted keys (OPENCLAW_CONFIG, OPENCLAW_TELEGRAM_ACCOUNT, etc.). Those can reference config files or credentials; only supply values you trust. - Keep ENABLE_CALLBACK disabled (default 0) unless you intentionally want the skill to post callbacks to Telegram/group hooks. Enabling callbacks may cause network activity and should be configured deliberately. - Confirm the claude binary you point to (CLAUDE_CODE_BIN) is trusted, since it will make network calls to the Claude service. - Consider running the script in a controlled environment (non-production user account) first to verify output/log locations and behavior. If you want me to, I can list the exact commands the scripts invoke and a checklist of binaries/paths to validate on your host.

Like a lobster shell, security has layers — review code before you run it.

latestvk970gs32cqyhvbb38ke4jc9m7n81zft8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments