Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alter Manager
v1.0.0分身管理 - 创建、列出、删除独立的 agent session(分身)。触发场景:用户要求创建分身、创建独立 session、管理多个对话、列出分身、删除分身、移除 session。支持 label 从用户指令中识别或主动询问。
⭐ 0· 56·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to manage agent '分身' sessions which justifies reading and manipulating session data and calling session RPCs. However, the SKILL.md instructs running the 'openclaw' CLI and directly accessing ~/.openclaw/agents/main/sessions/sessions.json while the registry metadata lists no required binaries or tools. That mismatch (un-declared CLI dependency) is incoherent and should be explained/rectified.
Instruction Scope
Instructions direct the agent to read a user-local sessions.json in the home directory, write a workspace state file (session-manager.state.json), call sessions_spawn/sessions_send, and invoke a gateway CLI for deletion. Reading ~/.openclaw/... may expose session/transcript data; the routing-mode rule of being 'silent' could make forwarded actions less transparent to the user. The docs also hardcode 'agent:main' key prefixes and paths which may not be valid in all environments.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by an installer. That reduces install-time risk. However, runtime actions still require local CLI/tools and filesystem access, which are not covered by an install step.
Credentials
No environment variables or external credentials are requested (consistent with local session management). Still, the skill accesses local session files and archived transcripts — access to these files can contain sensitive conversation data, so the lack of declared required permissions is notable.
Persistence & Privilege
The skill does write a local state file under the workspace to persist routing state, which is reasonable for its function. It does not request 'always: true'. The combination of autonomous invocation (default) plus file reads/writes means a compromised or buggy skill could access session transcripts repeatedly — consider limiting autonomy or requiring user consent for file access.
What to consider before installing
Before installing, ask the skill author to: (1) declare any required binaries (e.g., the 'openclaw' CLI) in the metadata; (2) confirm and parameterize the paths (don't hardcode '~/.openclaw/agents/main/...'/agentId) so it works with non-'main' agents; (3) explain exactly what session/transcript files will be read or archived and whether transcripts may contain sensitive data; and (4) clarify whether the skill will act autonomously on behalf of the user and how confirmations are obtained. If you must install: ensure the openclaw CLI is from a trusted source, run in a test environment first, and restrict the skill's access to only the directories it needs (or require explicit user confirmation before reading/deleting any transcripts).Like a lobster shell, security has layers — review code before you run it.
latestvk97e75t80d1n002pppc9xp4nys844xmg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.