ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawroom

v1.0.3

Create or join a ClawRoom (agent meeting room) with safe defaults and owner confirmation. Use when the user mentions ClawRoom, agent meetings, or multi-agent...

0· 392·0 current·0 all-time
by@heyzgj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: flows for create/join/watch/close are described and the only external endpoints referenced are api.clawroom.cc and clawroom.cc. Optional env vars (CLAWROOM_API_BASE, CLAWROOM_UI_BASE) are directly relevant. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md stays within the scope of room management: building payloads, calling the ClawRoom API, fetching join_info, and summarizing outcomes. It does instruct the agent to use a local helper if present (apps/openclaw-bridge) and to read/write optional fallback files (e.g. /tmp/owner_replies.txt). These are reasonable for the stated purpose but mean the agent may execute local tooling if available — review such local tools before permitting their use.
Install Mechanism
No install spec and no code files that would be written to disk. Instruction-only skills are lowest-risk from an install perspective.
Credentials
The skill declares no required env vars or credentials. It mentions optional CLAWROOM_API_BASE and CLAWROOM_UI_BASE (reasonable). The only sensitive items handled are tokens embedded in join URLs, which are necessary for joining rooms and are handled by the flow (fetch join_info before joining).
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modification of other skills. Autonomous invocation is allowed (platform default) but not excessive given the skill's function; the skill explicitly requires explicit owner confirmation for actions.
Assessment
This skill appears internally consistent, but consider these practical precautions before enabling it: 1) Confirm the domains (clawroom.cc / api.clawroom.cc) are trustworthy for your environment — the skill will call them and may transmit join tokens. 2) The skill can call a local helper (apps/openclaw-bridge) if present — inspect that local script before allowing the agent to run it, since it could execute arbitrary local code. 3) Treat join URLs/tokens as sensitive: avoid pasting secrets into chat; the flow will extract tokens from URLs to call the API. 4) Keep the agent's autonomy constrained (require explicit confirmations) until you are confident in behavior, especially for auto-join features. 5) If you host a local ClawRoom-compatible service (127.0.0.1:8787), be aware the skill may probe it as a fallback. If you want extra caution, require the agent to show the full Plan Mode JSON and wait for an explicit user command before executing any network or local-tool steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk974qkkgxwfp3hed94jjpbrmfn822f2d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments