Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Deploy

v2.4.0

Deploy a new isolated OpenClaw agent with its own Telegram bot, workspace, and session storage. Use when user asks to create a new agent, add a new bot, or s...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description align with the included scripts: they create workspaces, update OpenClaw config via the openclaw CLI, add Telegram accounts, and migrate single-bot setups. One notable capability is merging API keys from global and the main agent into the new agent's auth-profiles.json — functionally coherent for convenience but potentially surprising because it copies credentials between agents.
Instruction Scope
SKILL.md instructs the agent to run provided scripts verbatim. The scripts read ~/.openclaw/openclaw.json and (if present) ~/.openclaw/agents/main/agent/auth-profiles.json, write a new per-agent auth-profiles.json, and call `openclaw config set` to modify running config. They also expect the user to supply botToken as a command-line argument, which may expose it in process listings. The instructions do not warn about token exposure or require user confirmation before copying API keys, giving the agent broad discretion to read and replicate credentials.
Install Mechanism
No install spec or external downloads are present; this is an instruction + script bundle with only local files (bash and python). Nothing is being fetched from external URLs during install.
Credentials
The skill requests no declared environment variables, but the scripts access configuration files and per-agent auth files in the user's home (~/.openclaw). They merge global and main-agent API keys into the new agent, which is coherent for the task but elevates access to stored credentials. Passing the bot token as a CLI argument can leak the token via process listings; the skill does not provide an alternative secure input method.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. It performs changes via the openclaw CLI and writes agent-specific files under ~/.openclaw; these are expected for a deploy tool. Autonomy (model invocation) is allowed by default but is not combined with an elevated 'always' presence.
What to consider before installing
This skill appears to do what it claims, but review and consider the following before installing or running:

1) The deploy scripts copy API keys from global config and the main agent into the new agent's auth-profiles file — confirm you want credentials duplicated.
2) The bot token is passed as a command-line argument (deploy.sh <agentId> <botToken>), which can expose the token in process listings; prefer a mechanism that avoids putting secrets on argv (e.g., read from stdin or an env var) or use a temporary token.
3) Inspect the scripts yourself (they are small and included) and verify the openclaw CLI on your system is the trusted implementation the script expects.
4) Ensure backups and file permissions (on ~/.openclaw and auth files) are acceptable; the scripts do write new auth-profiles.json under ~/.openclaw/agents/<agent>/agent/.
5) If you don't want API keys copied, run the steps manually (or modify the helper to skip merge-auth).
6) If you proceed, run the commands in a controlled environment or test instance first.

These behaviors explain why I rated the skill 'suspicious' rather than 'benign' — the functionality is coherent but handles sensitive secrets in ways users should explicitly acknowledge.

Like a lobster shell, security has layers — review code before you run it.
