Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CatchClaw
v3.7.5Search, install, and export agentars and teams from the CatchClaw marketplace. Use when the user wants to find, install, or package agent templates or teams.
⭐ 2· 448·0 current·0 all-time
bykissrain@lovelcp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (agentar manager) aligns with what is present: a bundled Node CLI (agentar_cli.mjs) and SKILL.md that document searching, installing, exporting agentars and teams. Required binaries (node) and documented config paths (~/.agentar, ~/.openclaw/...) are expected for this functionality.
Instruction Scope
SKILL.md restricts actions with hard-gates (verify bundled CLI version before any operation) and documents exact commands. It explicitly reads/writes agent/workspace and team directories and can overwrite the main workspace when --overwrite is chosen. The instructions also allow storing an API key to a local skills/.credentials file when --api-key is used. These behaviors are within the scope of an agentar manager but carry real risk to user data if used carelessly (workspace overwrite, locally-stored credentials).
Install Mechanism
No remote install/download step for the skill itself — it's instruction-only with a bundled CLI file. The bundled agentar_cli.mjs uses only Node built-ins (no external downloads required by the skill). This is low-risk compared with arbitrary remote downloads.
Credentials
No required environment secrets; two optional env vars (AGENTAR_API_BASE_URL, AGENTAR_HOME) are reasonable for overriding defaults. The documented optional storage of an --api-key in a local credentials file is justified for agentars that require backend auth but is a sensitive action and is clearly documented as optional.
Persistence & Privilege
Skill is not always-enabled, is user-invocable, and does not request elevated platform privileges. It reads/writes only its own and OpenClaw agent-related paths; it does not modify other skills' configuration. The main persistent risk is accidental workspace overwrite or saving API keys locally, both documented and gated by user prompts.
Assessment
This skill appears to do exactly what it claims: it provides a bundled Node CLI to manage agentars and teams and operates on the documented agent/workspace directories. Before using it: (1) follow the SKILL.md hard-gate and run the bundled CLI version check (node <skill-dir>/agentar_cli.mjs version) in a safe sandbox; (2) back up ~/.openclaw/workspace before any install that might use --overwrite; (3) avoid supplying an API key unless necessary — if you do, note it will be saved locally under the skill (skills/.credentials); (4) although the CLI claims GET-only network behavior, reviewers should inspect the full agentar_cli.mjs (or run it in an isolated environment) to be certain; and (5) if you have sensitive agent state, prefer exporting/backing up first rather than installing new agentars that overwrite the main workspace.agentar_cli.mjs:57
Environment variable access combined with network send.
agentar_cli.mjs:64
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97chq7bk36fmcdxew5bn7crq5844znd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📦 Clawdis
Binsnode
Config~/.agentar, ~/.openclaw/workspace, ~/.openclaw/agentar-workspaces, ~/agentar-exports, ~/.openclaw/agentar-teams