Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Spawn Subagent
v1.0.1
Spawn isolated subagents to handle long-running, complex, or blocking tasks without stalling the main session. Use when: a task will take more than 30 second...
by Netanel Abergel (@netanel-abergel)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description align with the instructions: it teaches how to spawn and manage subagents. However, examples in SKILL.md reference external CLIs (e.g., `gog`) and account environment variables (e.g., GOG_ACCOUNT=owner@company.com) that are not declared in the skill metadata. That omission is an inconsistency: the examples imply a need for external tools and credentials even though the manifest requires none.
Instruction Scope
The runtime instructions explicitly tell subagents to read files (/tmp/*, .learnings/ERRORS.md), environment variables, call web searches, and fetch emails/calendar data. Those actions can involve sensitive data. The SKILL.md also suggests embedding env var values and CLI commands in task descriptions. While these actions are within the general purpose of delegation, the instructions give broad discretion to access arbitrary file paths and env vars without constraining or declaring them — increasing risk of unintended data access or exfiltration.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest install risk: nothing will be downloaded or written by an installer. The scanner had no code to analyze.
Credentials
The skill declares no required environment variables or credentials, yet examples routinely reference account env vars and external services (email/calendar access). That gap is disproportionate: if users follow examples they will need credentials, but the skill metadata gives no indication of what will be required or stored. This mismatch reduces transparency and could lead to accidental exposure of secrets when users craft task descriptions.
Persistence & Privilege
always:false (default). The skill is user-invocable and allows model invocation (platform defaults). It does not request persistent presence or attempt to modify other skills or system-wide configs.
What to consider before installing
This skill is an instruction guide for delegating work to subagents and appears to do what it claims, but be cautious:
- Examples reference external CLIs (e.g., `gog`) and account env vars (GOG_ACCOUNT) that the skill metadata does not declare. Verify what platform binaries/CLIs your agent actually has and whether those tools require credentials.
- The SKILL.md encourages referencing arbitrary file paths and env vars and demonstrates fetching emails/calendar events — these can expose sensitive data if a subagent is given broad access. Before using, confirm how your platform isolates subagents and what filesystem/env access they have.
- Prefer explicit, minimal task descriptions: only include the exact paths and credentials the subagent truly needs; avoid embedding secrets in task text.
- If you must run email/calendar tasks, ensure the provider credentials are scoped to least privilege and that subagents cannot exfiltrate results to unknown endpoints.
What would reduce risk: the skill declaring required binaries/credentials (or noting none are needed), and explicit guidance on permission/isolation boundaries for subagents. If you can, test with non-sensitive sample data first.
Like a lobster shell, security has layers — review code before you run it.
latest: vk978gy0dsq82wvgq8qmbnfsme184280p
