Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GSwitch

v1.0.1

Orchestrates a virtual engineering team with 7 roles working sequentially: Think, Plan, Build, Review, Test, Ship, and Reflect via shared memory coordination.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to orchestrate a build→test→deploy workflow but does not declare any required binaries, environment variables, or credentials even though roles reference deployments, CI checks, real browser testing, and tools like 'exec', 'sessions_spawn', 'Claude Code', and image generators. Deploy and CI actions normally require repo/infra credentials and platform tools; their absence is an incoherence (either the skill assumes broad platform privileges or the documentation is incomplete).
! Instruction Scope
SKILL.md and role files instruct agents to run commands via 'exec', open real browsers for E2E testing, spawn subagents, and repeatedly APPEND to a shared-memory folder while explicitly asking to 'INCLUDE file paths!'. That creates a risk of exposing internal filesystem structure or sensitive paths. The instructions also set runTimeoutSeconds: 0 (no timeout) in examples, enabling potentially unbounded agent runs if the platform enforces that value. The guidance is broad and grants agents discretion to read/write project files and spawn fixes, which can be reasonable for automation but is not constrained or scoped here.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). That lowers risk from arbitrary downloads. Installation is manual copying and config edits; no download URLs or extracted archives are present.
! Credentials
No environment variables or credentials are declared, yet roles require actions that normally need secrets (deploying to production, running CI, accessing repos, image APIs). The skill repeatedly instructs including file paths in shared memory (potentially exposing secrets or config locations). Tools and services referenced (Claude Code, dalle/minimax-image, exec) are not declared as required resources. This mismatch suggests incomplete or under-specified privileges and raises the chance the skill will either fail or implicitly rely on broad platform permissions.
Persistence & Privilege
always is false (good). The skill instructs creating agents and modifying OpenClaw config and a shared-memory directory; that requires the user to write to workspace/config files but the skill does not request to be force-included. Autonomous invocation of agents and spawning subagents is core to the design; combined with the other concerns (no credential declarations, APPEND-ONLY shared memory containing file paths, unlimited runTimeout) this increases blast radius if misused. No evidence the skill modifies other skills or system-wide settings beyond the user's OpenClaw config.
What to consider before installing
1) The skill's docs tell agents to run commands, open real browsers, spawn child agents, and include file paths in a shared-memory log — this can leak project structure and sensitive paths.
2) The skill references deploying to production and running CI but declares no credentials or required tools; decide where the agents will get repo/cloud access and don't point shared-memory at sensitive directories.
3) Set safe defaults before use: change runTimeoutSeconds from 0 to a finite limit, restrict spawn depth and concurrency, and sandbox any exec capability.
4) Review and sanitize the shared-memory path and the append format; avoid storing secrets or full absolute paths there.
5) Only run this on a non-sensitive workspace or in a sandboxed environment until you confirm behavior.
6) If possible, ask the author for an explicit list of required binaries/APIs and the minimal credentials needed (and why), and request documented safeguards for exec/sessions_spawn and deployment steps.

Additional information that would reduce my concern: an explicit list of required tools/credentials and clear safeguards (time limits, sandboxing, least-privilege instructions) showing how deployments and exec calls are authorized and contained.

Like a lobster shell, security has layers — review code before you run it.
