Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

multi-agent-writer

v1.0.1

Use when requests involve writing articles, generating news, fetching hotspots, or producing content for social media (WeChat, Xiaohongshu, etc.). Triggers i...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to be a multi-agent writer and the included scripts and SKILL.md describe exactly that workflow (search -> generate -> review). However the registry metadata lists no required environment variables or primary credential while SKILL.md clearly documents a needed LLM API key (LLM_API_KEY/LLM_BASE_URL/LLM_MODEL). This is an inconsistency: a writing/LLM skill reasonably needs an API key, so the manifest omission is surprising and should be corrected.
Instruction Scope
Runtime instructions stay within the stated purpose: call DuckDuckGo (ddgs) for hotspots and call LLM provider APIs to generate/review content. The instructions do expect access to a .env LLM_API_KEY for production, can run python main.py (demo or production), and will perform network calls to search engines and LLM endpoints. There is no evidence in the provided files of unrelated file-system harvesting or hidden exfiltration, but the code that performs network/LLM calls is fetched from the remote repo at install time (see install mechanism).
Install Mechanism
install.sh clones https://github.com/gonelake/multi-agent.git (un-pinned branch) into ~/.skills/multi-agent and may pip install requirements.txt. Cloning an external GitHub repo at install time means arbitrary remote code will be written and later executed on your machine; the installer references no pinned commit, checksum, or release tag. While GitHub is a common source, this pattern increases risk compared to a fully-contained, vendored skill.
Credentials
The registry declares no required env vars or primary credential, but SKILL.md documents LLM_API_KEY and optional LLM_BASE_URL/LLM_MODEL and production mode requires them. Asking for an API key for LLM access is proportionate to the stated function, but the manifest's omission is a red flag (it prevents automated gating/review of secrets requirements). The skill also supports multiple external LLM endpoints (including a default base_url pointing at api.moonshot.cn), so users should be aware networked model providers will receive content.
Persistence & Privilege
always:false and default autonomous invocation are fine. The installer registers a SKILL.md into agent skill directories (~/.codebuddy/.claude/.openclaw), i.e., it writes files to those agent folders, which is expected for installing a skill. It does not appear to change other skills' configurations or request permanent elevated privileges beyond writing into user home paths.
What to consider before installing
This skill appears to be a multi-agent content generator and is broadly coherent with that purpose, but take these precautions before installing:
- Expect to provide an LLM API key (LLM_API_KEY) for production; the registry metadata does not list it — verify and be prepared to store this secret appropriately.
- The installer will git-clone a remote GitHub repository (un-pinned) into ~/.skills/multi-agent and may pip install its requirements. Review the remote repo (https://github.com/gonelake/multi-agent) and the code it contains before running install.sh. Prefer a pinned commit or release tag if possible.
- Running the skill can send text (hotspots and generated drafts) to external LLM endpoints; the SKILL.md defaults to api.moonshot.cn. If you cannot trust that endpoint, change LLM_BASE_URL or use demo mode.
- Run install and first executions in a sandboxed environment or VM, inspect requirements.txt, and run pytest locally to validate behavior.
- Ask the author/registry to update the manifest to declare required env vars and primary credential, and to avoid cloning un-pinned branches (or provide checksums/tags). If you need higher assurance, request a vendored distribution (no remote clone) or an install that pins a commit or release.

Like a lobster shell, security has layers — review code before you run it.
