CatchClaw Review
Audited by ClawScan on May 10, 2026.
Overview
CatchClaw’s artifacts match its stated marketplace-management purpose, but it can change agent workspaces and optionally handle API keys or memory exports, so users should run install/export actions deliberately.
CatchClaw appears purpose-aligned for marketplace agentar and team management. Before installing, remember that agentars can change agent instructions, skills, and configuration; prefer installing as a new named agent, avoid overwrite unless intentional, use trusted packages and least-privilege API keys, and review any export before sharing it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing an untrusted agentar could change how an agent behaves or what skills/configuration it uses.
The skill’s core function is to install remote marketplace archives that can contain agent instructions, skills, and configuration. This is disclosed and purpose-aligned, but it is a meaningful supply-chain surface.
An agentar is a distributable agent archive (ZIP) containing workspace files such as SOUL.md, skills, and other configuration. It can be installed as a new agent or used to overwrite an existing agent with a single command.
Install only agentars and teams from sources you trust, prefer version-pinned installs when possible, and consider installing as a new named agent before overwriting an existing workspace.
A mistaken overwrite could replace the main agent’s instructions, skills, or configuration, although the skill states that a backup is made.
The CLI can overwrite the main agent workspace, which is high-impact local mutation authority. The artifact mitigates this by requiring explicit user selection and automatic backup.
`--overwrite` — Overwrite the main agent (`~/.openclaw/workspace`). Existing workspace is backed up automatically. **Never use without the user's explicit selection.**
Use `--name` for new installs by default, and only choose `--overwrite` when you intentionally want to replace the main workspace and understand how to restore from backup.
A key saved for an installed agentar may be usable by that agentar’s skills or local workspace files.
The skill may persist a user-supplied API key locally for installed agentars. This is disclosed and tied to authentication needs, with no artifact evidence of exfiltration.
`--api-key <key>` — (Optional) API key to save into `skills/.credentials` for agentars that require backend authentication.
Provide API keys only for trusted agentars, use least-privilege keys where possible, and remove or rotate keys if you uninstall or stop trusting an agentar.
If `--include-memory` is used, private memory or prior context could be packaged into an export ZIP.
Export can optionally include agent memory, which may contain private or sensitive context. The default exclusion is a positive safeguard.
`$CLI export [--agent <id>] [-o <path>] [--include-memory]` — Export an agent as a distributable agentar ZIP package. MEMORY.md is excluded by default.
Leave memory excluded unless you specifically intend to share it, and review exported ZIP contents before distributing them.
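An agentar is a ZIP (see the install finding above) and an export is a ZIP too, so one pre-flight check serves both the "install only what you trust" advice and the "review exported ZIP contents before distributing" advice. The following is an added Node.js example, not code from CatchClaw or from the ClawScan audit: it reads an archive's central directory without extracting anything and flags the two paths this review names, MEMORY.md (excluded from export by default) and skills/.credentials (where `--api-key` is saved). The sample archive is constructed inside the block, the small ZIP builder exists only to produce that sample offline, and the list of flagged paths is an assumption to extend for your own workspace layout.

```javascript
// Added example (not CatchClaw's code): list an agentar/export ZIP's entries before
// installing or sharing it. Only the central directory is read; nothing is extracted.

function crc32(buf) {
  let c = 0xffffffff;
  for (const b of buf) {
    c ^= b;
    for (let k = 0; k < 8; k++) c = (c >>> 1) ^ (0xedb88320 & -(c & 1));
  }
  return (c ^ 0xffffffff) >>> 0;
}

// Builds a minimal ZIP with "stored" (uncompressed) entries: local headers, then the
// central directory, then the end-of-central-directory record. Used only for the sample.
function buildStoredZip(files) {
  const locals = [], centrals = [];
  let offset = 0;
  for (const [name, text] of Object.entries(files)) {
    const nameBuf = Buffer.from(name, "utf8");
    const data = Buffer.from(text, "utf8");
    const crc = crc32(data);
    const local = Buffer.alloc(30);
    local.writeUInt32LE(0x04034b50, 0);    // local file header signature
    local.writeUInt16LE(20, 4);            // version needed to extract
    local.writeUInt32LE(crc, 14);
    local.writeUInt32LE(data.length, 18);  // compressed size (stored => same as raw)
    local.writeUInt32LE(data.length, 22);  // uncompressed size
    local.writeUInt16LE(nameBuf.length, 26);
    const central = Buffer.alloc(46);
    central.writeUInt32LE(0x02014b50, 0);  // central directory header signature
    central.writeUInt16LE(20, 4);
    central.writeUInt16LE(20, 6);
    central.writeUInt32LE(crc, 16);
    central.writeUInt32LE(data.length, 20);
    central.writeUInt32LE(data.length, 24);
    central.writeUInt16LE(nameBuf.length, 28);
    central.writeUInt32LE(offset, 42);     // where this entry's local header starts
    locals.push(local, nameBuf, data);
    centrals.push(central, nameBuf);
    offset += 30 + nameBuf.length + data.length;
  }
  const cd = Buffer.concat(centrals);
  const eocd = Buffer.alloc(22);
  eocd.writeUInt32LE(0x06054b50, 0);       // end-of-central-directory signature
  eocd.writeUInt16LE(centrals.length / 2, 8);
  eocd.writeUInt16LE(centrals.length / 2, 10);
  eocd.writeUInt32LE(cd.length, 12);
  eocd.writeUInt32LE(offset, 16);          // central directory starts after all local entries
  return Buffer.concat([...locals, cd, eocd]);
}

// Walks the central directory and returns every entry's name, size and compression method.
function listZipEntries(zip) {
  let eocd = zip.length - 22;
  while (eocd >= 0 && zip.readUInt32LE(eocd) !== 0x06054b50) eocd--;
  if (eocd < 0) throw new Error("not a ZIP archive: no end-of-central-directory record");
  const count = zip.readUInt16LE(eocd + 10);
  let off = zip.readUInt32LE(eocd + 16);
  const entries = [];
  for (let i = 0; i < count; i++) {
    if (zip.readUInt32LE(off) !== 0x02014b50) throw new Error("corrupt central directory");
    const nameLen = zip.readUInt16LE(off + 28);
    const extraLen = zip.readUInt16LE(off + 30);
    const commentLen = zip.readUInt16LE(off + 32);
    entries.push({
      name: zip.toString("utf8", off + 46, off + 46 + nameLen),
      size: zip.readUInt32LE(off + 24),
      method: zip.readUInt16LE(off + 10),
    });
    off += 46 + nameLen + extraLen + commentLen;
  }
  return entries;
}

// Paths the review names: MEMORY.md (excluded from export by default) and skills/.credentials
// (where --api-key is saved). Assumed starting list; extend it for your own workspace conventions.
const SENSITIVE = [/^MEMORY\.md$/i, /(^|\/)\.credentials(\/|$)/];

function flagSensitiveEntries(entries) {
  return entries.filter((e) => SENSITIVE.some((re) => re.test(e.name))).map((e) => e.name);
}

function reviewArchive(zip) {
  const entries = listZipEntries(zip);
  return { files: entries.map((e) => e.name), flagged: flagSensitiveEntries(entries) };
}

// Constructed sample: an export made with --include-memory from an agent that had a key saved.
const SAMPLE_EXPORT = buildStoredZip({
  "SOUL.md": "# Persona\n",
  "skills/catalog/SKILL.md": "# catalog skill\n",
  "skills/.credentials": "BACKEND_API_KEY=not-a-real-key\n",
  "MEMORY.md": "Prior conversation context that should not leave this machine.\n",
});

console.log(reviewArchive(SAMPLE_EXPORT));
```

Run it on a real archive with `reviewArchive(require("node:fs").readFileSync("agent.agentar"))`; anything in `flagged` should be removed or consciously accepted before the file is installed or shared. Reading only the central directory is deliberate: it lists what the archive claims to contain without executing or unpacking any of it.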
Running the CLI may invoke local OpenClaw commands as part of managing agentars or teams.
The bundled CLI contains subprocess execution support for invoking the OpenClaw binary. The visible code constrains execution with `shell:false` and trusted path lookup, making this purpose-aligned rather than suspicious on its own.
```javascript
const { spawnSync } = _require(`node:${_cp}`);
...
return spawnSync(openclawBin, args, { ...options, shell: false });
```
Run the skill only in an environment where OpenClaw workspace changes are acceptable, and keep the OpenClaw binary installed from a trusted source.
