Agent Recruiter
Warn
Audited by ClawScan on May 18, 2026.
Overview
This is a plausible OpenClaw agent-creation helper, but it copies existing auth profiles to new agents and uses unsafe setup scripting that could execute unintended code or over-grant access.
Install or run this only if you trust the publisher and are comfortable modifying your OpenClaw configuration. Back up ~/.openclaw/openclaw.json and existing auth profiles first, avoid untrusted or unusual agent names/IDs, and prefer removing the automatic auth-profiles copy until credentials are explicitly scoped for each new agent.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A newly created agent may inherit Mike's account/API access and act with more authority than the user intended.
The script copies an existing agent's auth profiles into each new agent directory instead of creating or selecting a scoped credential profile.
cp "$AGENTS_DIR/mike/agent/models.json" "$AGENT_DIR/"
cp "$AGENTS_DIR/mike/agent/auth-profiles.json" "$AGENT_DIR/"
Do not copy full auth-profiles.json by default; require explicit user approval, document the credential scopes, and create least-privilege auth profiles for each new agent.
A crafted agent ID, name, or group ID could break out of the generated JavaScript string and run unintended local code during setup.
User-controlled arguments are interpolated directly into JavaScript executed by node -e, without JSON encoding or escaping.
node -e ... config.agents.list.push({ id: '$AGENT_ID', name: '$AGENT_NAME', ... }); ... id: '$GROUP_ID' ...
Pass values to Node through argv or environment variables and encode them with JSON.stringify; also validate allowed characters for agent IDs and group IDs.
Malformed or malicious agent IDs could create files in unintended locations under the user's home/OpenClaw environment or corrupt agent configuration.
The only visible validation checks for non-empty input, then the agent ID is used in paths and later global config updates.
AGENT_ID="$1" ... if [[ -z "$AGENT_ID" || -z "$AGENT_NAME" ]]; then ... AGENT_DIR="$AGENTS_DIR/$AGENT_ID/agent" ... mkdir -p "$AGENT_DIR"
Restrict agent IDs to a safe pattern such as lowercase letters, numbers, and hyphens; reject slashes, dot-dot path segments, quotes, and control characters before writing files.
Created agents may continue receiving messages and acting after the initial setup task.
The skill intentionally creates resident agents, registers them in OpenClaw, routes group messages to them, and restarts the gateway.
Basic usage - create a resident Agent (bound to a group chat) ... update openclaw.json (add agent and binding) ... restart Gateway
Before running the script, confirm which group the agent will join, how to disable the binding, and how to remove the agent if it misbehaves.
Information written into a created agent's memory may influence future behavior or retain sensitive operational details.
The generated agent workspace includes persistent memory files intended to be reused across future tasks.
memory/ ... YYYY-MM-DD.md ... MEMORY.md # long-term memory
Review what the created agents store in memory, avoid saving secrets, and periodically clean or audit memory files.
Users may not be warned at install time that the skill runs local CLI commands and restarts the OpenClaw gateway.
The script depends on Node.js and the OpenClaw CLI, while the provided registry requirements declare no required binaries or install specification.
node -e ... fs.writeFileSync('$CONFIG_FILE', JSON.stringify(config, null, 2) + '\n'); ... openclaw gateway restart
Declare required binaries and clearly document the local commands and gateway restart behavior in the skill metadata.
