Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Paperclip Resilience
v1.1.0Production resilience patterns for Paperclip AI agent orchestration. Spawn-with-fallback, model rotation, run recovery, blocker routing, and task injection —...
⭐ 0· 43·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The modules (spawn-with-fallback, run-recovery, model-rotation, blocker-routing, task-injection) align with the skill description: they orchestrate Paperclip + OpenClaw runs, rotate models, and detect/recover failures. However, the skill requires Paperclip API credentials and provider API keys (documented in SKILL.md and present in code) but the registry metadata declares no required environment variables — that's an inconsistency.
Instruction Scope
SKILL.md instructs running node scripts that call OpenClaw/ Paperclip endpoints and read config.json. The included code goes further: it queries Paperclip APIs, may create issues, scans session transcripts under ~/.openclaw, reads referenced Tasks/Journal/Project board markdown files, writes state to ~/.openclaw/model-rotation-state.json, and can POST to configurable webhooks. Those behaviors are within the stated resilience purpose but broaden the runtime surface (local home-directory file access + network requests to configurable endpoints).
Install Mechanism
No installation/download step is present (instruction-only installation via clawhub). No external binary downloads or package installs are required by package.json — low install mechanism risk.
Credentials
The code expects several environment variables (e.g., PAPERCLIP_API_URL, PAPERCLIP_API_KEY, PAPERCLIP_COMPANY_ID, PAPERCLIP_AGENT_ID, PAPERCLIP_PROJECT_ID, PAPERCLIP_RESILIENCE_CONFIG, optional BLOCKER_* env vars), and SKILL.md warns that multiple LLM provider API keys must be configured. Yet the registry metadata lists no required env vars. This is a mismap: the skill legitimately needs sensitive credentials (Paperclip API key and provider keys) but the manifest doesn't declare them, which can mislead operators about the privileges the skill will use.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It persists state and logs under the user's home (~/.openclaw and configured paths) and writes config/state files (model-rotation state, potential blockers journal, config.json). This is expected for an orchestration tool but means it will create and read persistent files in user home and therefore should be run with appropriate permissions and file-path review.
Scan Findings in Context
[pre-scan-injection-signals-none] expected: Static pre-scan reported no injection signals. However, absence of findings is not proof of safety: the package includes network calls and file I/O that should be audited manually.
What to consider before installing
What to check before installing / running this skill:
- Credentials: The skill needs Paperclip API credentials (PAPERCLIP_API_URL, PAPERCLIP_API_KEY, PAPERCLIP_COMPANY_ID, etc.) and at least one or two LLM provider API keys for fallback behavior. The registry metadata did not list these env vars — do not assume none are required. Provide least-privilege keys and use scoped API tokens where possible.
- Config review: Inspect config.json (and config.example.json) before use. The skill will read/write files under your home directory (defaults: ~/.openclaw/*, ~/.openclaw/model-rotation-state.json, optional Tasks.md and Journal files). Make sure paths and fallbacks point to providers you control.
- File access & privacy: Blocker-routing scans session transcripts and may read markdown files referenced in agent outputs; if you enable webhook routing, these findings could be POSTed to an external URL. Ensure webhook endpoints are trusted and consider disabling webhook routing if unsure.
- Network endpoints: paperclip-issue-gate and run-recovery call the Paperclip API (PAPERCLIP_API_URL). Confirm the API_URL and keys are correct and limited. Review where any configured webhook URLs point before enabling them.
- State persistence: model-rotation stores state in a JSON file by default (~/.openclaw). If you need ephemeral operation, change statePath or run with an isolated account/container.
- Test in isolation: Run the provided tests and dry-run flags (e.g., --dry-run) in a safe environment to observe behavior before scheduling cron jobs. Prefer using --no-write or mocks for API calls when validating.
- Audit and mitigate: Because the registry omitted required env vars, treat this package as having incomplete metadata. If you will deploy it in production, request the author/maintainer clarify the declared required environment variables and consider running it in an isolated runtime with scoped credentials.
If you want, I can list all env vars and file paths referenced by the code and suggest minimal scoping for credentials and filesystem locations.src/spawn-with-fallback.js:376
Shell command execution detected (child_process).
src/lib/paperclip-issue-gate.js:19
Environment variable access combined with network send.
src/run-recovery.js:35
Environment variable access combined with network send.
src/run-recovery.js:84
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk978w39m9kqh4fded3pmje5m1s83p4hh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛡️ Clawdis