ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Creation

v1.0.0

Create a new OpenClaw agent with a workspace directory and SOUL.md configuration. Use when you need to create a new agent, set up an agent workspace, configu...

0· 73·0 current·0 all-time
by@openlark
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md instructs the agent to run 'openclaw agents add' and related CLI commands, and to create files under ~/.openclaw/workspace-<agent-name>, but the skill declares no required binaries or install steps. If the 'openclaw' CLI is not present the commands will fail; the registry gives no source/homepage or install guidance for that binary, which is an incoherence between claimed capability and declared requirements.
Instruction Scope
Instructions stay on-task (create workspace, write SOUL.md, create memory file) and do not request unrelated system files or credentials. However the SKILL.md states the skill is "automatically activated" by keyword triggers — that could cause the skill to run whenever those phrases appear and create/modify files in the user's home directory without explicit per-run confirmation.
Install Mechanism
This is an instruction-only skill with no install spec or code files, which is low-risk from an install perspective. No downloads or archive extracts are performed by the skill itself.
Credentials
The skill does not request environment variables, credentials, or config paths beyond creating files under ~/.openclaw. There is no disproportionate access to secrets or unrelated services.
Persistence & Privilege
always:false (normal). Still, this skill will create and overwrite files under ~/.openclaw/workspace-<agent-name> (including SOUL.md and memory files), which is persistent state that defines agent behavior. Combined with the SKILL.md's stated automatic keyword activation and the platform's normal ability for skills to invoke autonomously, this could lead to unintended persistent changes or injection of agent personality/behavior without explicit user confirmation.
What to consider before installing
This skill appears to do what it says (create an agent folder and SOUL.md) but there are a few things to check before using it: 1) Confirm the 'openclaw' CLI exists on your system or that you have instructions to install it — the skill gives no install or binary requirement. 2) Review any SOUL.md content the skill will write before it's applied; SOUL.md defines agent personality and can change future agent behavior, so treat it like code/config you review. 3) Be aware the SKILL.md claims automatic activation on keyword matches; if you want to avoid unexpected runs, require explicit confirmation before executing the commands. 4) Because the skill will create/overwrite files under ~/.openclaw, consider testing in a sandbox or a disposable account/directory first. 5) Prefer skills with a known source/homepage or signed install instructions; this skill's source is unknown, which reduces traceability.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bkq08xqqhf66my5vqp9e0ps83qvf5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments