ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Create Agent

v1.0.0

Creates new Overstory agents for Overclaw by updating all seven integration points (config, manifest, agent-def, gateway prompt, task_router, generate_agent_...

0· 371·5 current·5 all-time
by@austindixson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (create Overstory agents) align with the included scripts and SKILL.md: the code updates the seven listed integration points (config, manifest, agent-defs, gateway prompt, task_router, generate_agent_context, and regeneration). Modifying other workspace scripts (task_router.py, generate_agent_context.py) is expected for this capability.
Instruction Scope
SKILL.md and the scripts are explicit about actions: they read TROUBLESHOOTING.md, logs, project tree, and may call 'mulch' and run the generate_agent_context.py script. This is within the advertised scope, but the scripts will read files in the workspace and in the user's home (e.g., ~/.openclaw/logs) and can spawn subprocesses — so they have broad local file access consistent with their purpose.
Install Mechanism
No install spec; the skill is instruction+script only. No external downloads or archive extraction are present in the package. The code does rely on Python and optional third-party modules (PyYAML) and on external CLI tools (e.g., mulch, gateway tools) if analysis/regeneration features are used.
Credentials
The registry lists no required env vars, which is reasonable. The scripts do read optional environment variables (NANOBOT_WORKSPACE, OPENCLAW_WORKSPACE, and template references to $GATEWAY_TOOLS) and the user's home log directory. No cloud or secret credentials are requested. Access to workspace and home log files is broad but justified by the analysis features.
Persistence & Privilege
always:false (no forced persistence). The script does modify other files in the workspace and other skills' scripts (e.g., nanobot-overstory-bridge), which is necessary for its goal but increases impact if run by an autonomous agent. Autonomous invocation is allowed by default; combine that with file-modifying behavior when deciding trust.
Assessment
This skill appears to do what it says: it edits multiple files in your workspace to register new agents and can analyze logs/docs to suggest agents. Before installing or running it, backup your workspace (or test in a disposable clone), run create_agent.py with --dry-run or --suggest-only first, and inspect the two script files yourself. Note the scripts may call external tools (mulch, generator scripts) and will read files under the workspace and your home (~/.openclaw/logs). If you plan to allow autonomous agent invocation, be aware a compromised or buggy agent could make persistent changes to these project files. If unsure, run the scripts interactively in a safe environment and ensure PyYAML and required CLI tools are installed only when needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a5sbnpbsfvt2mwc10pbx1bn81wk74

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments