Agent Deploy

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its deployment purpose, but it automatically copies existing API/auth profiles into each new agent and changes persistent agent/Telegram configuration.

Install only if you are comfortable with new agents inheriting existing API credentials. Prefer a dedicated least-privilege profile, verify agent names are simple, and check or clean ~/.openclaw/agents/<id>/agent/auth-profiles.json, workspaces, and config backups when removing agents.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

A newly deployed agent may inherit API keys or account access intended for the main agent, which could spend quota or access services if the new bot is misused or compromised.

Why it was flagged

The helper copies all global auth profiles and main-agent auth profiles into a new per-agent auth-profiles.json file, giving the new agent broad access to existing provider credentials rather than only the Telegram bot token.

Skill content
global_profiles = config.get("auth", {}).get("profiles", {}) ... main_auth_path = os.path.expanduser("~/.openclaw/agents/main/agent/auth-profiles.json") ... json.dump(merged, f2, indent=2)
Recommendation

Do not copy all credentials by default; prompt the user to select least-privilege profiles, clearly declare credential access in metadata, and clean copied auth files when an agent is removed or a deployment fails.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Malformed agent names could create unexpected workspace paths, invalid config entries, or routing problems during high-impact config updates.

Why it was flagged

The user-provided agentId is used in filesystem paths and OpenClaw config-key paths, while the script only shows token validation and relies on SKILL.md instructions for the agentId format.

Skill content
AGENT_ID="${1:?Usage: deploy.sh <agentId> <botToken> [workspace_path]}" ... WORKSPACE="${3:-$HOME/.openclaw/workspace-$AGENT_ID}" ... $OC config set "channels.telegram.accounts.$AGENT_ID" "$ACCT_JSON"
Recommendation

Add code-level validation such as ^[a-z0-9-]+$, reject path separators and dots, and fail safely before any backup, directory creation, or config mutation.

ASI10: Rogue Agents
Low
What this means

The new bot and agent may continue receiving messages and using configured resources until explicitly removed and cleaned up.

Why it was flagged

The skill intentionally creates a persistent, Telegram-reachable agent. This is purpose-aligned, but it remains active after the deployment task.

Skill content
Creates isolated workspace at `~/.openclaw/workspace-<agentId>/` ... Adds routing binding: `<agentId>` -> `telegram:<agentId>` ... Adds Telegram account with the bot token
Recommendation

Track deployed agents, use dedicated bot tokens, monitor the gateway, and remove unused agents and credentials when no longer needed.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The skill may fail or use whatever local python3/openclaw binaries are on PATH; provenance should be considered before trusting it with agent configuration and credentials.

Why it was flagged

The registry metadata provides limited provenance and no binary requirements even though the skill's documented flow runs bundled shell/Python scripts and the OpenClaw CLI.

Skill content
Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill.
Recommendation

Verify the publisher/source, review the bundled scripts before use, and declare required binaries and capabilities in metadata.