Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ChatDev 2.0 Multi-Agent Team

v0.1.0

Invoke ChatDev ability units (workflows) via local API (port 6400). Use when the user needs specialized agent workflows like data visualization (from CSV), o...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (invoke local ChatDev ability units on 127.0.0.1:6400) align with the SKILL.md: all endpoints are local and relate to browsing, running, uploading, and managing ability unit YAMLs.
Instruction Scope
Instructions explicitly allow uploading/updating ability unit YAMLs (which may include fields like base_url and api_key), instruct using absolute file paths as 'attachments', and tell the agent to move output directories into the working directory. While these are within a 'workflow management' scope, they introduce risks: (1) uploaded workflows could instruct the local service to call external services or include credentials; (2) attaching absolute paths enables referencing arbitrary local files (which the server may read); (3) moving output directories implies filesystem operations. The SKILL.md grants broad discretion to upload/modify workflows without guidance on safety or provenance of those YAMLs.
Install Mechanism
Instruction-only skill with no install steps or external downloads. This minimizes install-time risk because nothing is written or fetched by the skill itself.
Credentials
The skill declares no required env vars or credentials, which is coherent. However, example upload payloads show placeholders like ${BASE_URL} and ${API_KEY} embedded in uploaded YAML content; that pattern could be used (by the server or workflows) to reference or resolve credentials, so the absence of requested credentials in metadata does not eliminate the possibility that workflows will attempt to use or prompt for secrets.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and does not install or modify other skills. It simply instructs the agent to talk to a local API. That is appropriate for its purpose.
What to consider before installing
This skill talks to a local service at 127.0.0.1:6400 and lets you run, upload, and modify YAML workflows. Before using it: (1) confirm you actually run a trusted ChatDev server on that port (unknown source/homepage is a red flag); (2) do not upload or run unreviewed YAMLs—they can instruct the local server to call external APIs or embed/require secrets; (3) avoid supplying absolute paths to sensitive files (attachments may cause the server to read them); (4) check what the local server does with outputs and whether workflows can exfiltrate data; and (5) if possible, run the service in an isolated environment and inspect workflow YAMLs (especially any that reference ${API_KEY}, ${BASE_URL} or other placeholders) before allowing execution. If you can provide the local server's code or documentation (how placeholders are resolved, network egress rules, and auth for the local API), that will materially improve confidence.

Like a lobster shell, security has layers — review code before you run it.
