agent-creator-skill
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: agent-creator-skill Version: 1.0.6 The skill provides automated agent creation by executing shell/PowerShell scripts that modify the core application configuration file (~/.openclaw/openclaw.json) and execute CLI commands. While these actions are consistent with the stated purpose in SKILL.md and README.md, the use of 'ExecutionPolicy Bypass' in PowerShell and direct file system modification via inline Python scripts in create_agent.sh constitute high-risk behaviors that could be leveraged for unauthorized configuration changes if the agent is manipulated.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad request could leave a new independent agent with unwanted behavior in your OpenClaw environment.
The skill is explicitly designed to create persistent peer agents. This is disclosed and purpose-aligned, but the artifacts do not describe confirmation, cleanup, or containment controls for those new agents.
automatically create, configure, and initialize other **independent Agents (not sub-agents)**
Require the assistant to show the agent ID, display name, workspace path, and full persona prompt before creation, and provide a documented undo/removal process.
If the generated persona contains unsafe, overly broad, or prompt-injection-like instructions, those instructions may persist in the new agent and affect future work.
The generated persona is sent to the new agent as identity and operating instructions, creating persistent behavioral context from generated/user-derived text without a required review step.
FULL_MESSAGE=$(printf 'Remember your identity and operating instructions:\n%s' "$PERSONA")
Review and sanitize the generated identity prompt before injection, avoid secrets in persona text, and add guardrails that reject unsafe or policy-bypassing instructions.
On Windows, the skill may fail or depend on a script that was not included for review.
The skill instructs Windows users to run a PowerShell helper, but the supplied manifest contains no create_agent.ps1 file. That execution path is therefore unreviewed or nonfunctional, and ExecutionPolicy Bypass increases the importance of provenance.
powershell -ExecutionPolicy Bypass -File "{baseDir}/create_agent.ps1"Do not use the Windows path unless the PowerShell script is supplied, reviewed, and matches the documented behavior; declare all required binaries and files in metadata.
A malformed or unexpected agent ID could create unintended workspace paths or cause unexpected OpenClaw CLI behavior.
The script uses the generated agent ID directly in an OpenClaw CLI call and workspace path. SKILL.md describes the ID as snake_case, but the script itself does not enforce that constraint.
AGENT_ID=$1
WORKSPACE_DIR="$HOME/.openclaw/workspace-${AGENT_ID}"
openclaw agents add "${AGENT_ID}" --workspace "${WORKSPACE_DIR}"Validate agent IDs with a strict allowlist such as ^[a-z][a-z0-9_]{0,63}$ before using them in paths or CLI commands.