Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

control-plane

v1.14.15

Operate Emperor Claw as the OpenClaw control plane and durable checkpoint layer for an AI workforce.

by Jose Zuma @josezuma
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (control plane / durable checkpoints) match the included bridge examples and API reference: the code registers runtimes, claims tasks, heartbeats, checkpoints memory, and connects to the declared MCP endpoint. However the registry metadata claims no required env vars while SKILL.md and the examples require EMPEROR_CLAW_API_TOKEN and other EMPROR_CLAW_* variables — an internal inconsistency.
Instruction Scope
SKILL.md and examples consistently instruct the agent to register, start sessions, call REST endpoints, open a WebSocket, persist a local bridge-state journal in a companion directory, and only write business artifacts to Emperor. The instructions reference local files (companion/state under the user's home) and outbound network calls to the remote API; these behaviors are coherent with the stated control-plane purpose.
Install Mechanism
There is no install spec; the skill is instruction-plus-examples only. The included example scripts are plain JS/Python that will run in the runtime. No remote installers or extracted archives are used — lower install risk compared to arbitrary downloads.
Credentials
The runtime requires a workspace-scoped API token (EMPEROR_CLAW_API_TOKEN) and multiple EMPROR_CLAW_* env vars (companion/state paths, agent/runtime IDs) which are appropriate for a control-plane bridge. The concern is the metadata mismatch: the registry lists "Required env vars: none" while SKILL.md explicitly requires the API token. The external endpoint (https://emperorclaw.malecu.eu) is not verified in registry metadata (source/homepage appear unknown or missing), so giving a token to this skill grants networked control-plane privileges to an external service of uncertain provenance.
Persistence & Privilege
The skill persists local bridge state under user-owned directories (~/.openclaw/emperor-control-plane by default) and does not request always:true or global system changes. It does not modify other skills or system-wide settings in the provided files. Persisted state includes cursors, dedupe journals, and agent/session IDs (not obviously secrets), but these files should be inspected for sensitive data before trusting them.
What to consider before installing
This package appears to implement a legitimate OpenClaw<->Emperor control‑plane bridge, but there are important red flags you should address before installing:
- Metadata mismatch: the registry says no required env vars, yet SKILL.md and example scripts require EMPEROR_CLAW_API_TOKEN (and related EMPROR_CLAW_* vars). Do not provide live credentials until you verify the publisher.
- Unknown external endpoint: the control plane URL is https://emperorclaw.malecu.eu. Verify the service owner (company, Git repo, homepage) and review the running service's trustworthiness before handing it a workspace API token.
- Least privilege: create a scoped API token with the minimal permissions needed for testing (read-only if possible), and rotate/delete it after testing.
- Inspect files locally: the examples persist state under ~/.openclaw/... — review those files after a run to ensure no secrets are written. The code does not appear to write the API token to disk, but confirm in your environment.
- Run in a sandbox first: test the bridge in an isolated environment or test workspace, monitor outbound connections, and review logs for unexpected transmissions.
- Ask the publisher for provenance: request a canonical homepage/repository and signed releases. The package.json points to a GitHub repo and the domain above; confirm those are legitimate and controlled by your organization or a trusted vendor.
If you cannot verify the service owner and provenance, treat the skill as untrusted and avoid supplying production API tokens or enabling it in agents that have access to sensitive data.
examples/bridge.js:29
Environment variable access combined with network send.
examples/bridge.js:76
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.
