Catchclaw Agentar
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a coherent CatchClaw package manager, but it can run a bundled Node CLI that downloads, installs, overwrites, exports, and rolls back OpenClaw agent workspaces.
This skill looks purpose-aligned, but treat it like a package manager for agents: install only trusted agentars, choose “new” rather than “overwrite” unless you truly want to replace the main workspace, be careful with API keys, and review ZIP exports before sharing them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken overwrite could replace the user's active agent instructions, skills, and configuration, though the skill says it creates a backup.
The install command can overwrite the main agent workspace, which is high-impact. The artifact also includes an explicit user-selection requirement and backup behavior, making it disclosed and purpose-aligned rather than a concern.
$CLI install <slug> --overwrite ... Overwrite the main agent (`~/.openclaw/workspace`). Existing workspace is backed up automatically. **Never use without the user's explicit selection.**
Prefer installing to a new named agent unless the user clearly wants to replace the main workspace, and confirm the exact slug and mode before running install.
Installing an untrusted agentar could change how an agent behaves in future sessions.
Installing marketplace archives is the core purpose, but those archives can introduce new agent instructions, skills, and configuration. The visible artifacts show ZIP validation and clear user-facing commands, but no signature or trust verification mechanism is described.
An agentar is a distributable agent archive (ZIP) containing workspace files such as SOUL.md, skills, and other configuration. It can be installed as a new agent or used to overwrite an existing agent with a single command.
Install only agentars from sources you trust, prefer a new workspace first, and review the installed files before using them for sensitive work.
Running the skill executes local Node code and may invoke the local OpenClaw CLI as part of workspace management.
The bundled CLI can spawn the local OpenClaw binary. The code comments and shell:false setting indicate an attempt to bound this behavior, and it fits the purpose, but it is still local command execution.
const _cp = builtinModules.find(m => m.length === 13 && m[5] === '_' && m.startsWith('c'));
const { spawnSync } = _require(`node:${_cp}`);
...
return spawnSync(openclawBin, args, { ...options, shell: false });
Use the skill only from a trusted installation path and run it under a normal user account, not with elevated privileges.
A provided API key may remain on disk and could be exposed if the workspace or credentials file is shared or backed up insecurely.
The skill can store a user-provided API key locally for installed agentars. This is disclosed and optional, but it is credential handling.
`--api-key <key>` — (Optional) API key to save into `skills/.credentials` for agentars that require backend authentication.
Provide API keys only when needed, use least-privileged keys, and avoid sharing exported workspaces that may contain credential files.
If memory is included in an export, private notes or long-term agent context could be packaged into a ZIP that may later be shared.
The export function can package persistent memory if the user explicitly chooses --include-memory. The default excludes memory and filters common secret filenames, which reduces but does not eliminate sensitive-data risk.
$CLI export [--agent <id>] [-o <path>] [--include-memory] ... MEMORY.md is excluded by default ... `--include-memory` — Include MEMORY.md in export
Leave memory excluded unless you intentionally want to package it, and inspect exports before distributing them.
