ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Subagent Collaboration

v1.0.0

多子代理协作分析与构建技能。自动分析 OpenClaw 中多个子代理的能力、使用模式和协作关系,智能推荐协作模式(并行/串行/分层/竞争/会诊/接力),生成协作流程设计和安全配置。适用于复杂任务分解、多专家会诊、工作流编排等场景。

0· 77·0 current·0 all-time
by@nanlinsec-sys
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included scripts: analyzer, workflow generator, and security checker. However package.json / SKILL metadata require both python3 and node while all primary runtime code is Python; node is not used, so the declared binaries are slightly disproportionate. Overall capability aligns with purpose, but metadata includes an unnecessary node expectation.
!
Instruction Scope
Scripts read and write files outside the skill directory using a hardcoded WORKSPACE = "/Users/nanlin/.openclaw/workspace" (reads docs/subagent-roles-v2.md and MEMORY.md; writes analysis and reports). This means the skill will access local OpenClaw workspace files (which may contain session history, config, or sensitive data) without declaring that access. The SKILL.md instructs running the scripts directly, but does not warn users about the absolute path behavior.
Install Mechanism
There is no install spec (instruction-only with code files), so nothing is automatically downloaded or extracted at install time — lower install risk. The presence of package.json suggests optional Node packaging, but no install step is provided and no remote downloads are referenced.
!
Credentials
No credentials or env vars are requested, which superficially looks minimal, but the scripts access a specific user workspace path directly instead of using a configurable env var. That implicit local file access is a form of required local privilege not declared in metadata. The node requirement in metadata is unnecessary for the shipped Python scripts.
Persistence & Privilege
The skill does not set always:true and does not modify other skills' configs. It does write output files into the hardcoded workspace path (persistent files), which is normal for a local analyzer but should be noted as persistent activity in user storage.
Scan Findings in Context
[ABSOLUTE_WORKSPACE_PATH] unexpected: scripts/analyze_subagents.py, generate_workflow.py and security_check.py use WORKSPACE = "/Users/nanlin/.openclaw/workspace". Accessing a hardcoded absolute path to a user's home/workspace is not declared in metadata and can read session/history/config files.
[SESSIONS_SPAWN_LITERAL] expected: The skill generates code that calls sessions_spawn and the analyzer looks for sessions_spawn in MEMORY.md — this is consistent with the skill's purpose of creating agent workflows.
[PACKAGE_JSON_NODE_REQUIREMENT] unexpected: package.json and SKILL metadata indicate node is a required binary, but shipped runtime is Python; Node appears unnecessary for the provided scripts.
[NO_PRE_SCAN_INJECTION] expected: Pre-scan injection signals reported as none detected.
What to consider before installing
This skill appears to do what it claims (analyze subagents, generate workflows, run security checks) but it reads and writes files in a hardcoded workspace path (/Users/nanlin/.openclaw/workspace) which may contain session history, configs, or other sensitive data. Before installing or running: 1) Inspect the three Python scripts yourself (they are included); 2) Modify the scripts to use a configurable WORKSPACE (or pass a safe path) instead of the hardcoded path; 3) Run them in a sandboxed or non-privileged account (or container) first to see what files they read/write; 4) Remove the unnecessary node requirement or confirm why node is needed; 5) Check outputs for any unexpected external network calls (the scripts shown do not make network requests, but generated workflows could spawn agents that do). If you cannot review or sandbox them, consider not installing or request an author-provided version that parameterizes workspace path and documents file access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c2nw6m5t1r0hpgacphsxcdx83w0jq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binspython3, node

Comments