Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Skill Gastown

v0.1.4

Multi-agent coding orchestrator using Gas Town (gt) and Claude Code. Use for ANY non-trivial coding task — multi-file changes, new features, refactors, bug fixes, anything involving code that needs to compile/run/test. Delegates work to parallel Claude Code agents (polecats) with git-backed persistent state, work tracking (beads), and coordination. Use when a task involves more than a single file edit or quick script.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The skill claims to manage Gas Town (gt) and Beads (bd) agents — that matches the SKILL.md/README. However the registry metadata declares no required binaries or env vars, while the documentation and setup script clearly require/expect: gt, bd, go, claude CLI, tmux, wget, and a ~/gt workspace (git access). The omission of these runtime requirements is an incoherence that matters for security and usability.
Instruction Scope (flagged)
The SKILL.md explicitly instructs the agent to run gt / bd commands via Bash and to follow the 'GUPP' principle: if work exists on a hook, run it immediately. That grants the agent the authority to execute arbitrary build/branch/test/merge operations and to run code discovered in user repos or hooks without additional human confirmation. The instructions also direct symlinking, gt up, gt doctor, and mailbox commands that read/write the user's workspace and git state.
Install Mechanism
There is no packaged install spec; this is instruction-only plus scripts/setup.sh. The setup script downloads Go from go.dev (official), extracts to $HOME/local, and uses `go install` to fetch gt and bd from GitHub. These are standard mechanisms, but they write to the user's home, modify PATH via .bashrc, and run network fetches at install time. No unknown/personal servers or URL shorteners are used.
Credentials (flagged)
The skill declares no required environment variables, but its runtime behavior implicitly needs access to the user's filesystem (~/gt, repositories), git credentials for clone/push operations, and the claude CLI (which implies an API/token stored locally). The skill can operate on local repos and branches and may read/write/execute repository files — these privileges are larger than the metadata indicates and should be explicitly declared.
Persistence & Privilege (flagged)
always:false (good), but the skill is designed for autonomous operation (GUPP) and the platform default allows autonomous invocation. Combined with instructions that tell the agent to immediately execute any hooked work, this enables the agent to autonomously run code found in your workspace and perform git operations. Autonomous invocation alone is normal, but here it amplifies risk because the agent is instructed to execute unreviewed work.
What to consider before installing
This skill is coherent with being a Gas Town orchestrator, but it contains several red flags you should consider before installing:

- Missing declarations: The metadata lists no required binaries or env vars, yet SKILL.md and scripts require gt, bd, Go, claude CLI, tmux, wget, and access to ~/gt and git — confirm these dependencies and that you are comfortable granting filesystem/git access.
- Arbitrary execution risk: The instructions explicitly tell the agent to execute any work it finds on hooks (the 'GUPP' rule). That means an agent using this skill can run build/test/merge steps and arbitrary repo code without further human approval. If you have sensitive repositories or secrets in your environment, this is risky.
- Install action: setup.sh fetches Go from the official site and uses `go install` to pull gt and bd from GitHub. If you prefer control, run these steps yourself in an isolated environment (VM/container) instead of letting the agent run them.

Recommended mitigations before enabling:

1. Review SKILL.md and scripts/setup.sh line-by-line and inspect any formulas or .beads files in repos the skill will touch.
2. Run setup steps manually in a disposable VM/container; do not allow the agent to run them autonomously.
3. Do not grant this skill access to repositories with secrets or production credentials. Create a dedicated test workspace (~/gt) for trial runs.
4. Consider disabling autonomous invocation (if your platform allows) so the agent prompts you before running any gt/bd commands.
5. Verify git credential usage (use least-privilege deploy keys or read-only clones where possible).
6. If you proceed, monitor the first runs closely and restrict the skill to user-invoked usage until you're confident in its behavior.

If you want, I can list the exact places in SKILL.md and scripts where commands will execute and what filesystem paths they touch so you can audit them more quickly.


