Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Forge
v1.0.0Create and deploy independent OpenClaw agents via an 11-step interview, generating personalized files, configuring tools, channels, permissions, and updating...
⭐ 0· 170·0 current·0 all-time
by@limoxt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (create and deploy agents, configure channels/tools, update registries) matches the provided scripts and SKILL.md: deploy-agent.sh scaffolds workspaces, registers the agent in the main AGENTS.md, create config.json and scaffold files; the SKILL.md describes Claude writing SOUL/IDENTITY/AGENTS and patching gateway config. Nothing obvious is requested that is unnecessary for the stated goal. Note: automatic gateway config changes are powerful but plausibly needed to allow inter-agent comms.
Instruction Scope
Runtime instructions direct writing and editing of many user files under ~/.openclaw (workspaces, AGENTS.md, config.json) and explicitly instruct updating gateway config (allowAgents, agentToAgent.allow, sessions.visibility). They also require Claude to generate and repair core agent files autonomously. Those actions go beyond simple scaffolding because they change system-wide visibility/allow-lists and grant inter-agent communications; the SKILL.md gives broad discretion (self-heal, immediate patching) which increases risk if misused.
Install Mechanism
No install spec or remote downloads. The skill is instruction-heavy with three local scripts only. There is no evidence of network-based install or arbitrary code fetched at install time.
Credentials
The skill declares no required env vars or credentials (scripts use OPENCLAW_HOME with a sensible default). However SKILL.md instructs performing gateway config.patch (system-level config changes) which typically requires admin/API privileges not declared here. The lack of an explicit required credential or declared privilege for modifying gateway settings is a transparency gap and should be clarified before use.
Persistence & Privilege
The skill does not request always:true and is user-invocable, but it explicitly instructs automatic updates to global gateway configuration (sessions.visibility -> 'all', agent allow lists). Modifying global gateway settings is a high-impact change — the skill can enlarge inter-agent communication scope and should only be allowed with explicit admin consent and review. The scripts also edit main AGENTS.md (team registry), which is a cross-agent artifact.
What to consider before installing
This skill appears to implement what it claims (scaffolding agent workspaces, registering agents, and generating files), but it also asks to automatically modify global gateway configuration and write system-wide files. Before installing or running it: 1) Review deploy-agent.sh and remove-agent.sh line-by-line and test them in a safe sandbox or throwaway environment to confirm their behavior. 2) Back up your ~/.openclaw workspace and main AGENTS.md and any gateway config before allowing automatic patches. 3) Confirm who/what will execute gateway config.patch and that appropriate admin credentials/approval are required — the skill does not declare those credentials. 4) Limit tool permissions and sandbox level for new agents (avoid 'none' sandbox and be cautious granting exec/web_fetch/subagents). 5) Verify the platform’s audit/logging so you can track changes to gateway config and agent registries. 6) If you cannot accept automatic global config changes, do not permit autonomous patching — instead require a manual, reviewed change request. If you want more confidence, provide the exact gateway config API/CLI used and confirm which credential or role is required for config.patch so the permission gap can be evaluated.Like a lobster shell, security has layers — review code before you run it.
latestvk97fywek4f8ad66y3t8qfgjmfh82ywcg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.