agent-creator

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A new agent may inherit the main agent’s account access or provider profiles, which could let it use services or identities the user did not intend to delegate.

Why it was flagged

The helper copies the main agent's auth-profiles.json into each newly created agent, which can propagate credentials or delegated account profiles to another persistent agent.

Skill content

for filename in ("models.json", "auth-profiles.json"):
    src = MAIN_AGENT_DIR / filename
    dst = agent_dir / filename
    if src.exists():
        shutil.copy2(src, dst)

Recommendation

Before running the helper, inspect auth-profiles.json and only copy the specific credentials the new agent truly needs; consider documenting and prompting for explicit approval before credential/profile cloning.

What this means

A bad or unexpected agent ID could cause files or configuration paths to be created in unintended local locations.

Why it was flagged

The script uses the user-supplied agent_id directly in path construction without enforcing the documented lowercase/hyphen-only constraint, so malformed IDs with path separators could write outside the intended agent directory.

Skill content

agent_id = sys.argv[1]
...
agent_dir = OPENCLAW_DIR / "agents" / agent_id / "agent"
sessions_dir = OPENCLAW_DIR / "agents" / agent_id / "sessions"
agent_dir.mkdir(parents=True, exist_ok=True)

Recommendation

Enforce strict validation in code, such as rejecting anything outside /^[a-z0-9-]+$/, and resolve the resulting paths and check that they remain under ~/.openclaw before writing.

Note
High Confidence
ASI10: Rogue Agents

What this means

The new agent may continue to be reachable in configured chats after the setup task is finished.

Why it was flagged

The skill persistently registers a new agent, optionally binds it to Feishu group/direct chats, and restarts the gateway so the configuration takes effect. This is purpose-aligned, but it creates a lasting autonomous integration.

Skill content

config["bindings"].append(binding)
...
subprocess.run(["openclaw", "gateway", "restart"], capture_output=True, text=True)

Recommendation

Review the created openclaw.json entries and chat bindings after setup, and remove or disable agents that should no longer be active.

What this means

Information placed in the new agent’s memory files may be reused in later conversations, and bad content in those files could influence future behavior.

Why it was flagged

The generated agent instructions tell future sessions to read persistent user and memory files. This is normal for agent continuity, but those files can contain sensitive or stale instructions that future agents may rely on.

Skill content

Before doing anything else:

1. Read `SOUL.md`
2. Read `USER.md`
3. Read `memory/YYYY-MM-DD.md` (today + yesterday) for recent context
4. **If in MAIN SESSION** ... Also read `MEMORY.md`

Recommendation

Keep the generated USER.md and memory files scoped, avoid storing secrets, and periodically review or clear memory content.