Clawdbot Knowledge
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The skill bundle contains a massive collection of scripts and documentation for a highly complex multi-agent system ('DeepALL', 'AXIOMATA') with broad capabilities including autonomous file modification, code generation, and system integration. While the stated purpose is advanced AI orchestration, several scripts like 'axiomata_deepall_enterprise_integration.py' and 'mcp_server_integration.py' perform high-risk operations such as writing Python code to arbitrary paths (e.g., '/home/deepall/Deepallsaas/backend') and modifying system configurations. The presence of hardcoded OpenAI assistant IDs and references to internal server paths across numerous files suggests a highly customized environment, but the broad permissions and self-modifying code logic warrant a 'suspicious' classification due to the potential for unintended system-wide impact.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked broadly, the agent could process or reorganize more local or business data than the user intended and connect it to database/search workflows.
The skill combines broad file organization, database integration, and indexing without stating allowed paths, approval requirements, or rollback boundaries.
scattered_files = self.organize_scattered_files(); mongodb_integration = self.integrate_mongodb(scattered_files); search_index = self.create_search_index(scattered_files)
Use only with explicit user-selected paths and read-only defaults; require separate approval before any file, database, or workflow mutation.
The skill may need access to sensitive databases, backups, or deployment systems without making those privilege boundaries clear to the user.
These roles imply privileged database and infrastructure authority, but the registry declares no credentials, environment variables, or scoped permission model.
**database-agent** - Datenbank-Management ... **backup-agent** - Backup und Wiederherstellung ... **deployment-agent** - Deployment-Automatisierung
Grant only least-privilege test credentials, avoid production deployment/backup access by default, and require explicit confirmation for privileged actions.
Private files or prompt-like documents could be stored and later reused as context, potentially exposing data or influencing future agent behavior.
The skill describes persistent database/search indexing of scattered files, but does not define path limits, exclusions, retention, or safe reuse rules.
**MongoDB-Manager** ... **Status**: Skalierbar, persistent ... search_index = self.create_search_index(scattered_files)
Require explicit include/exclude lists, retention limits, user review of indexed content, and rules that retrieved documents cannot override current user/system instructions.
Old bundled instructions could affect responses or tool selection if the orchestration/search system retrieves them without treating them as untrusted historical text.
The package contains prior conversation and agent-behavior instructions. If these files are indexed and later treated as authoritative context, they could redirect the agent away from the current user's intent.
Silent Replies ... responds with ONLY: NO_REPLY ... user: Use the "mcp-orchestral" skill for this request.
Do not index prior chat logs or system-prompt-like files by default; label retrieved content as untrusted evidence and prevent it from changing operating instructions.
A mistaken or unsafe output from one agent or workflow could be trusted and propagated to other agents or systems.
The skill coordinates many agents and workflows, but does not describe identity, origin, permission, or data-boundary checks between agents and MCP/Flowise components.
Flowise-Workflows orchestrieren ... agent_coordination = self.coordinate_agents(workflows) ... Koordination der 27-28 Super-Agenten
Define per-agent permissions, authenticate MCP/Flowise endpoints, log handoffs, and require approval before one agent's output triggers high-impact actions.
The system could create or coordinate autonomous agents beyond the user's immediate request if those instructions are acted on literally.
The bundled documentation describes unlimited/dynamic agent creation and scaling without showing user approval limits, timeouts, or a containment model.
Capabilities: Unlimited agent creation and management capabilities ... Implement dynamic agent scaling and resource management
Disable dynamic agent creation by default, set hard per-run limits and timeouts, provide a kill switch, and require explicit user approval for each new agent or long-running worker.
Users may not know which included scripts or code files are expected to run, making review harder.
The package is marked instruction-only while the manifest lists 38 code files and shell start/stop scripts; no automatic execution is shown, but the runtime/provenance contract is incomplete.
No install spec — this is an instruction-only skill.
Inspect the included code before running it and ask the publisher to document the intended entry points, dependencies, and setup steps.