Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AgentScale

v0.1.2

Deploy web apps and APIs to a public URL with a single command.

by João Bonchristiano (@jpbonch)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (deploy web apps to a public URL) match the implementation: register() obtains an API key, deploy() runs tar to package the current directory and POSTs it to an API, list()/account() call the API. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and code instruct packaging the current working directory and uploading it to the service. This is expected for a deploy tool, but it means arbitrary files in the project may be sent to the remote API. The code includes a reasonable exclusion list for common secrets and config files, and SKILL.md documents tar as required, but users should still ensure no sensitive files are present in the directory when deploying.
Install Mechanism
There is no install spec in the skill manifest (instruction-only). Source includes a normal Node CLI implementation and package metadata; no arbitrary remote download or archive-extract install steps are present in the skill bundle that would write unknown code to disk beyond normal CLI usage.
Credentials
The skill declares no required env vars, but supports AGENTSCALE_API_URL override (documented in SKILL.md). Code also imports dotenv/config, which will load a .env file into process.env when the CLI runs. These are coherent with a configurable client, but they increase risk: setting AGENTSCALE_API_URL to an attacker-controlled endpoint would send the saved API key and uploads to that endpoint (the SKILL.md warns about this). saveApiKey writes the API key to ~/.agentscale/config.json with 0o600 permissions (appropriate), and the code avoids requiring unrelated credentials.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. The only persistent artifact is ~/.agentscale/config.json which stores the API key with restrictive permissions. The skill does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says (package your project and upload it to agentscale). Before installing/using it:
1) Double-check the API base URL (AGENTSCALE_API_URL) — if you override it you will send your API key and uploads to that host; only point it at trusted endpoints.
2) Be careful what you run deploy from: the tool tars and uploads your current directory (the code excludes many common secret paths, but custom or unexpected secret files could still be included).
3) Note the CLI loads dotenv (.env) into the environment at runtime; don't keep secret credentials in an .env you don't want read by the tool.
4) The API key is stored under ~/.agentscale/config.json with restrictive permissions (0o600).
If you need higher assurance, inspect the upstream repository/package (package.json points at a GitHub repo) and verify the API domain (https://api.agentscale.co) is legitimate before giving it access to your code. If you want me to, I can check the referenced GitHub repo or review any network endpoint you're specifically concerned about.
