ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shared Workspace

v0.1.2

Use this skill to discover similar GitHub work, attach to shared agent workspaces, and coordinate tasks via .shared files.

0· 577·0 current·0 all-time
by@nativ3ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (discover similar GitHub work, attach to shared workspaces, coordinate via .shared files) matches the SKILL.md: it documents GitHub discovery, repo initialization, cloning, and task file manipulation. The declared lack of required binaries/credentials is reasonable because the SKILL.md marks GitHub env vars as optional.
Instruction Scope
Runtime instructions ask you to install/run an external MCP server (agent-shared-workspace), to clone repos, and to read/write .shared/* files under repo paths. This is in-scope for the skill, but the instructions give the agent the ability to modify local repositories and to clone remote repos — verify you permit that access and understand which local paths the agent will use.
Install Mechanism
There is no registry install spec, but SKILL.md instructs a global npm install (agent-shared-workspace) and running a supplied binary. Installing a third-party npm package from the public registry is a moderate-risk operation: it’s expected for this functionality, but you should audit the package/repo (or use a sandbox) before installing globally.
Credentials
The SKILL.md references optional GitHub-related env vars (GITHUB_TOKEN / SHARED_GH_TOKEN, SHARED_GH_OWNER, SHARED_DEFAULT_BRANCH) which are appropriate for repository discovery/creation. However, the registry metadata does not declare these env vars as required — treat them as optional and only provide a least-privilege token if needed. No other unrelated secrets are requested.
Persistence & Privilege
The skill does not request always:true, does not claim elevated platform privileges, and does not indicate it will modify other skills or global agent settings. Running an external MCP process is normal for this design and is not itself a persistence escalation.
Assessment
Before installing or running this skill: inspect the npm package and linked GitHub repo (agent-shared-workspace / pokke1/h1dr4) to ensure it matches expectations; if you must provide a GitHub token, create a least-privilege token (read-only unless you need repo creation/push) and avoid sharing workspace paths you don't want agents to modify. Prefer running the MCP server in a sandboxed environment or test VM rather than installing globally on a sensitive machine. If anything about the package source looks unfamiliar or unreviewable, decline installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk977m2pa43z12qy2annmczmezn81hzd5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments