Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Employee
v1.0.0Create and manage virtual AI employees with persistent memory, defined roles, and graduated autonomy. Hire, train, and delegate tasks to specialized workers.
⭐ 2· 723·1 current·1 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the actual behavior: the SKILL.md and companion docs define creating, configuring, and running per-employee folders under ~/employee/, routing tasks, and managing autonomy. There are no declared environment variables, binaries, or external services unrelated to this purpose.
Instruction Scope
Instructions explicitly require reading and writing files in the user's home (~ /employee/, linked skill paths, and optionally user-provided documents like style guides). They also instruct the agent to 'inject memory/context.md as context' and 'spawn as subagent with employee's model' on each task. This is expected for the functionality but means the skill will access local files and include their contents in subagent contexts.
Install Mechanism
No install spec or code is provided (instruction-only), so nothing will be downloaded or written by an installer. That minimizes supply-chain risk from the skill itself.
Credentials
The skill requests no environment variables or credentials. However, employee configs explicitly contain fileAccess lists and linkable skill paths (e.g., '~/clawd/skills/researcher/'), which — if misconfigured by the user — could grant broad access to sensitive files or to other skills. The documentation relies on user-specified paths/whitelists for permissions, so the onus is on the user to keep those narrow and correct.
Persistence & Privilege
always:false (normal). The skill prescribes persistent local state under ~/employee/ (registry.json, logs, memories). It also defines auto-delegation and autonomy levels that, if enabled and granted wide fileAccess or canSpawn permissions, could allow subagents to act with reduced human oversight. The skill itself recommends safeguards (explicit approval before autonomous promotions).
Assessment
This skill is internally consistent with its purpose, but it will create and manage files under ~/employee/ and may be configured to read other directories or link to other skills. Before enabling or granting autonomy: (1) inspect and restrict employee.json fileAccess entries so they don't point to sensitive locations, (2) verify any linked skill paths point to trusted code, (3) keep autoDelegation disabled until you trust the employee's behavior, and (4) require manual confirmation before promoting employees to 'autonomous' or enabling canSpawn/canMessage. If you need extra assurance, run it in a sandboxed account or backup important files first.Like a lobster shell, security has layers — review code before you run it.
latestvk979f562y03k2ec41yghqpzwmn816s4h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
👔 Clawdis
OSLinux · macOS · Windows