Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Multi Agent V101
v1.0.1Architecture guide for running multiple specialized AI agents on a single OpenClaw server. Covers workspace isolation, agent roles, shared memory, Telegram r...
⭐ 0· 47·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (multi-agent architecture guide) aligns with the SKILL.md content: workspace isolation, rate-limit strategies, Telegram routing, monitoring, backups, and self-healing. The recommended commands and file layout are coherent with a guide for running multiple agents on one server.
Instruction Scope
Instructions tell the operator to create ~/.openclaw workspaces, edit openclaw.json with botToken entries and auth-profiles (API tokens), symlink skills between workspaces, set up cron self-healing scripts that restart the gateway and docker services, and back up auth-profiles and memory directories. Those steps are within the stated purpose but involve handling and moving sensitive credentials and creating persistent automation—actions that increase risk if followed blindly.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest install risk (nothing is downloaded or written by the skill itself).
Credentials
The skill metadata declares no required env vars or primary credential, but the instructions explicitly require placing bot tokens and multiple service tokens into openclaw.json and auth-profiles (multi-token strategy) and recommend backing those files up. This mismatch (sensitive credentials used but not declared) is a notable inconsistency and increases the chance of accidental credential exposure.
Persistence & Privilege
The skill does not request 'always:true' and does not itself install persistent code, but it advises setting up cron-based self-healing and watchdogs that will persistently restart services and manipulate docker compose stacks. That creates persistent automation on the host and should be treated as an operational decision rather than something to enable without review.
What to consider before installing
This is a sensible architecture guide, but be careful before you follow its operational steps verbatim: 1) The SKILL.md expects you to add Telegram bot tokens and other API tokens to openclaw.json / auth-profiles even though the skill metadata doesn't declare any credentials — treat that as a manual step and don’t paste secrets into files you don’t control. 2) Backups and cron self-healing scripts will copy and restart services; ensure backups exclude or encrypt auth-profiles and memory files containing secrets, and review any restart scripts to avoid unintended restarts (and run them with least privilege). 3) Symlinking or sharing skills between workspaces can leak specialized skills or secrets—verify what each skill contains before sharing. 4) Don’t run the example self-healing script or docker-compose restarts without adapting paths and confirming which services will be affected. 5) If you plan to publish or share this skill, the author should declare the credential requirements explicitly (e.g., bot tokens, API tokens) so users understand the sensitivity. If you want, I can highlight exact lines to redact or recommend safer alternatives (e.g., using environment variables, encrypted vaults, or avoiding storing tokens in repo-formatted files).Like a lobster shell, security has layers — review code before you run it.
latestvk97eyg95gh4vf77tsmvavravjx846v8f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.