Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Multi-Agent Create
v1.1.0Create new OpenClaw agents and connect them to messaging channels (Telegram, Discord, Slack, Feishu, WhatsApp, Signal, Google Chat). Includes workspace scaff...
⭐ 1· 101·0 current·0 all-time
byfocusailab@joansongjr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description match the included instructions and helper script: it scaffolds a workspace and calls openclaw CLI commands to register agents and prompt channel logins. However SKILL.md implies automatic configuration of the gateway config (adding channel account entries and bindings), while the included scripts only create workspace files and call 'openclaw agents add' — they do not update openclaw.json or write channel credentials. That is an inconsistency between claimed automation and actual implementation.
Instruction Scope
The instructions tell the agent to ask the user to paste sensitive credentials (bot tokens, app secrets) directly into the conversation and to provide a path to a service-account JSON file on the server. Accepting secrets via chat increases risk (they become part of conversation history and potentially agent memory). The skill also instructs running CLI commands that will access local config (openclaw.json) and run QR-based login flows — these are expected, but the guidance to 'send me the path to the JSON file on this server' could lead the agent to read arbitrary local files beyond its declared scope.
Install Mechanism
This is an instruction-only skill with no install spec; the only code included is a simple helper shell script shipped with the skill. No external downloads, package installs, or extracted archives are requested.
Credentials
The registry metadata declares no required env vars, which is coherent. But runtime behavior expects sensitive credentials (bot tokens, app secrets, and a service-account JSON path). Requesting these credentials is plausible for connector setup, but asking users to paste them into chat or to provide local file paths is higher-risk and not explicitly limited to the minimal set needed. The helper script does not consume or store those credentials, so there is ambiguity about where they will ultimately be stored — which increases concern.
Persistence & Privilege
The skill is not marked always:true and has default autonomous invocation settings. The helper script writes only to the user's OpenClaw state directory (default ~/.openclaw/workspace-groups) and makes a backup of openclaw.json; it does not modify other skills' configs or request system-wide privileges.
What to consider before installing
This skill mostly does what it says, but there are gaps and some risky instructions you should consider before installing:
- Do not paste bot tokens, app secrets, or service-account JSON contents into a chat with the agent unless you understand and accept that those values may be stored in conversation history or memory. Prefer using the CLI or editing openclaw.json directly with proper file permissions.
- The helper script creates workspaces and calls 'openclaw agents add' but does not actually write channel account entries into openclaw.json. Expect to manually update your gateway config (openclaw.json) with channel credentials and bindings, and inspect the backup file the script creates before applying changes.
- When asked for a filesystem path to a service account JSON, avoid sending the file contents over chat. If the agent needs the file, ensure the file is accessible only to trusted processes and consider performing configuration locally via the CLI instead of handing paths/contents to the agent.
- The skill owner is unknown and there is no homepage; if you plan to use this in production, review the openclaw.json edits you make, verify who will have access to stored tokens, and prefer manual credential provisioning or secure secret storage (vaults) over pasting secrets into chat.
If you can get answers to these: where channel credentials are stored after you paste them, whether the agent will persist secrets to disk, and an explicit step-by-step for how openclaw.json is modified, that would raise confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk97c1bmqbhsjet3zh2vdvgggch83b81d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.