Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawCompany
v1.0.0
AI virtual team collaboration system with PM/Dev/Review agents for automated software development. Use when users request creating, building, or implementing...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (AI virtual team with PM/Dev/Review agents) aligns with the code and SKILL.md: the package spawns subagents (runtime=subagent) and an 'opencode' dev agent. However, the registry metadata indicated no required environment variables, while SKILL.md, the README, and the source code all require GLM_API_KEY (and read PROJECT_ROOT/GLM_MODEL/DRY_RUN/VERBOSE). That mismatch between declared requirements and actual code is an incoherence that should be clarified.
Instruction Scope
SKILL.md and the source include explicit system prompts and direct calls to sessions_spawn/sessions_history. The skill instructs subagents (and an external 'opencode' agent) to run with a supplied task and sometimes a cwd/project path. This is expected for a code-generation orchestration tool, but it also grants spawned agents contextual access to the specified project directory (cwd) and sends user requests to remote agents. SKILL.md contains prompt-like system directives (e.g., 'return only JSON') and a pre-scan flagged 'system-prompt-override' pattern — expected for agent definitions but worth flagging because skill content can attempt to influence agent/system behavior.
Install Mechanism
There is no external download or extract in the manifest; this is essentially an instruction-plus-source package. No install spec was provided in the registry metadata (instruction-only), so nothing appears to fetch arbitrary third-party binaries at install time. A package-lock is present with many dependency entries, but package.json lists only devDependencies and a peer dependency on 'openclaw' — no suspicious remote install URLs were found.
Credentials
The code and README require GLM_API_KEY (GLM-5) and optionally PROJECT_ROOT, GLM_MODEL, VERBOSE, DRY_RUN. The registry metadata listed no required env vars — a clear inconsistency. Requesting GLM_API_KEY is proportionate to running PM/Review agents on GLM-5, but the missing declaration in metadata increases risk because users may not be warned. The skill does not request unrelated cloud credentials, but it does include passing projectPath/cwd to spawned agents which could expose local project files under that path to the agents.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable. It does not attempt to modify other skills or system-wide settings in the provided code. It uses platform session APIs (sessions_spawn/sessions_history) which is normal for this kind of skill.
Scan Findings in Context
[system-prompt-override] expected: SKILL.md intentionally defines system prompts for PM/Dev/Review agents, so finding 'system-prompt-override' is expected; nevertheless it increases risk because the skill's prompts can influence agent behavior and could attempt to override safeguards. Review the prompts for harmful or overly permissive instructions.
What to consider before installing
What to check before installing:
- Clarify the metadata: the registry says no required env vars but the skill and README require GLM_API_KEY — ask the publisher or inspect the source to confirm required environment variables.
- Limit the GLM API key: if you provide one, use a scoped or low-privilege key and rotate it if used for testing.
- Run in dry-run and/or a disposable directory first: set DRY_RUN=true and PROJECT_ROOT to an empty test folder to avoid exposing real project files; the spawned agents are given cwd/projectPath and could access files under that directory.
- Inspect prompts and agent tasks: SKILL.md contains system prompts and 'return only JSON' directives — review them to ensure there are no instructions that would leak secrets or override safety policies.
- Prefer installing from a verified source: README references a GitHub repo and ClawHub; confirm publisher identity and check the repository history for tampering.
- If you rely on this skill in production, request the maintainer add declared requires.env metadata (GLM_API_KEY, PROJECT_ROOT) so installs properly inform users.
If you want, I can produce a concise checklist / commands to safely test this skill (dry-run, sandboxed directory, which files to inspect in the repo).
SKILL.md:30
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
