ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Advanced Collab Protocol

v1.4.1

Enforces multi-agent pipeline collaboration rules to prevent infinite loops, ensure file handovers via workspace, enable cross-channel messaging, and handle...

0· 84·0 current·0 all-time
by@libaie
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (multi-agent collaboration) reasonably needs tools like read/write and sessions_send/message, but the package.json and registry metadata do not declare any required permissions or config paths. That omission is inconsistent: SKILL.md explicitly requires tool permissions and access to platform config files, yet the skill advertises no such requirements.
!
Instruction Scope
Runtime instructions instruct agents to force-read files under /root/.openclaw/shared and (explicitly allowed) /root/.openclaw/openclaw.json, to invoke sessions_history for upstream private/chat history, and to broadcast ACKs/errors and absolute file paths into group chats. These actions can expose sensitive contents or private agent histories; the SKILL.md gives broad, immediate data-access directives rather than limited/consented reads.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes direct supply-chain risk. There are no download URLs or archive extracts to evaluate.
!
Credentials
No environment variables or credentials are declared, but the skill requires access to privileged runtime tools and to platform config files that may contain routing/account info. Requiring sessions_history and reading openclaw.json are high-privilege operations that are not reflected in the declared metadata.
Persistence & Privilege
always:false (default) and model invocation is allowed (also default). The skill does not request permanent installation or claim to modify other skills, so persistence is not itself a red flag — but autonomous invocation combined with the other concerns increases potential impact.
What to consider before installing
Before installing, ask the publisher to explicitly declare the exact permissions and config paths (openclaw.permissions / required tools) in package.json and registry metadata. Request justification for (a) reading /root/.openclaw/openclaw.json, (b) using sessions_history to fetch private agent chat history, and (c) broadcasting file contents / full absolute paths to group chats. If you must test, run in an isolated environment and restrict the skill's tool permissions to the minimum subset you approve (avoid granting sessions_history or read access to system-wide config unless absolutely necessary). Prefer a version that documents and limits what is read/written (e.g., limiting reads to a vetted shared directory and explicit fields in openclaw.json) and provides source/homepage for auditability.

Like a lobster shell, security has layers — review code before you run it.

latestvk977f2zyztthr8r3jmsyqswrms83aep3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments