ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Colmena Manager

v1.0.2

Manage and monitor multiple OpenClaw agents simultaneously, including status checks, messaging, logs, pausing, resuming, and workspace management.

0· 103·1 current·1 all-time
by@lunaviva211-sketch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (manage/monitor OpenClaw agents) align with the APIs and operations used (agents_list, sessions_list, sessions_send, message, exec/process). However the implementation uses hard-coded local paths (/home/nvi/.openclaw/...), direct filesystem manipulation (mkdir, rm -rf), and shell commands; those are plausible for workspace management but the hard-coded user path and destructive file operations are surprising and deserve scrutiny.
!
Instruction Scope
SKILL.md and the code instruct the agent to run many shell commands (tail, ls, ps, awk, mkdir, rm -rf). Several commands interpolate agent IDs or user-provided workspace names directly into shell commands (possible command injection). SKILL.md also claims a HEARTBEAT.md runs automatically every 30 minutes, but that file is not present in the manifest; the docs suggest scheduling cron jobs, which would make periodic/automatic execution possible — this scheduling and the broad file-system/process checks expand scope beyond one-off management actions.
Install Mechanism
No install spec in registry (instruction-only), and install instructions are just normal clawhub/npm commands. There are no remote downloads or extract-from-URL steps. This is low installation risk, but the package contains executable JS code that will be installed with the skill (no build or validation step).
!
Credentials
The skill declares no required credentials (good), but it performs privileged local actions: reading logs under /home/nvi/.openclaw/sessions/*, listing and removing workspace directories, and running process inspection commands. Those operations are proportionate to agent management but require filesystem and process access; combined with unsanitized shell interpolation they create a path for command injection or accidental destructive operations. The hard-coded /home/nvi path is also brittle and unexpected.
!
Persistence & Privilege
always:false (ok). However SKILL.md asserts a HEARTBEAT.md will be executed every 30 minutes (and suggests cron), implying periodic autonomous execution. The repository does not include HEARTBEAT.md in the manifest, so there's an inconsistency: either the skill expects to be scheduled externally (user-added cron) or claims an automatic heartbeat that isn't present. Periodic execution plus unmanaged shell commands and rm -rf increases risk if enabled by the user.
What to consider before installing
This skill generally does what its name says (manage a group of OpenClaw agents), but I recommend NOT installing it into production without review. Key concerns: (1) Several exec() shell commands build command lines by concatenating agent IDs or workspace names directly—this can lead to command injection if those values are controlled or malformed. (2) The skill performs destructive filesystem operations (rm -rf on workspaces) and reads files under /home/nvi/.openclaw; verify the hard-coded path and ensure the process runs with least privilege. (3) SKILL.md mentions a HEARTBEAT.md that runs every 30 minutes but that file is not present—verify how periodic checks will actually be scheduled (cron vs. built-in). (4) The source has some runtime/formatting issues (TypeScript-like 'interface' in a JS file and a likely syntax error in the healthCheck repeat line), suggesting it may fail or behave unexpectedly. Before installing: review and sanitize all uses of exec/command construction, remove or protect destructive operations, confirm scheduling behavior, test in an isolated sandbox, and consider requesting a fixed, configurable workspace path instead of /home/nvi. If you lack the ability to audit the code, treat this skill as risky.

Like a lobster shell, security has layers — review code before you run it.

agentsvk97dkhg72yhtpw08mngs564gnd834p54hivevk97dkhg72yhtpw08mngs564gnd834p54latestvk97c5f03mnhwyan10c6rd8f5es8347rbmanagementvk97dkhg72yhtpw08mngs564gnd834p54monitoringvk97dkhg72yhtpw08mngs564gnd834p54

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments