ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coding Agent Orchestrator

v1.0.1

Control Varie Workstation sessions (Claude Code multi-session orchestration). Use when: (1) user wants to work on / start / resume a coding project, (2) chec...

0· 179·0 current·0 all-time
by@masqueradeljb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and required binary (wctl) align with a Workstation session controller. However, the SKILL.md expects access to ~/.openclaw/workspace/pending-prompts.json and to local screenshot files, yet the registry metadata declares no required config paths. That mismatch (instructions needing local OpenClaw workspace files but metadata not declaring them) is an incoherence.
!
Instruction Scope
The runtime instructions tell the agent to read a local file (~/.openclaw/workspace/pending-prompts.json), run wctl commands that can control sessions (create/dispatch/interrupt/escape) and capture screenshots, and then transmit captured images via the messaging tool or CLI fallback. Those actions legitimately belong to a workstation orchestrator, but they involve reading local state and capturing/sending potentially sensitive screen contents — and the skill's metadata does not advertise or restrict that access.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. No additional packages are downloaded or installed by the skill itself, which minimizes install-time risk.
!
Credentials
The skill requests no environment variables or credentials (appropriate), but the instructions access local files and artifacts (pending-prompts.json, discovered repo paths, screenshot files) without declaring required config paths. The absence of declared config paths or explicit permission statements is disproportionate to the metadata and makes the access less transparent.
Persistence & Privilege
always=false and the skill is user-invocable; it does not request forced persistent inclusion. Autonomous invocation (model invocation enabled) is normal and not flagged by itself.
What to consider before installing
This skill appears to be a legitimate controller for Varie Workstation via the wctl CLI, but pay attention to what it will read and send: SKILL.md tells the agent to read ~/.openclaw/workspace/pending-prompts.json, scan/discover local repos, capture screenshots, and send image files through the messaging tool or CLI. Before installing, confirm you trust the wctl binary and the skill's source (check the GitHub repo). Ask the publisher to (1) declare the config path(s) the skill reads, (2) confirm exactly what will be transmitted (screenshots may include secrets), and (3) document any messaging fallbacks that use channel/target values. If you want to limit risk, run wctl and this skill in an isolated account/container, or require a manual approval step before dispatching actions or sending screenshots. Because metadata doesn't list the file access the instructions perform, treat this as suspicious until the author clarifies the intended file accesses and privacy implications.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jezrdq1cqwpkbgfq650ps982s091

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖥️ Clawdis
Binswctl

Comments