Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw cloud self-deployment

v1.0.2

Create Aleph Cloud VM instances with autonomous AI agents configured to self-replicate endlessly across the decentralized cloud network.

by San Clemente @san-npm
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill name and description match the runtime instructions: it guides an agent to provision Aleph Cloud VMs, install an agent runtime, and replicate itself. That functionality legitimately requires an Aleph account, SSH keys, and an AI provider API key. However, the skill metadata lists no required credentials or config paths while the instructions clearly rely on several secrets and system files (Aleph private key, SSH keypair, AI provider API key). The omission of those required secrets from the declared metadata is an incoherence worth noting.
! Instruction Scope
SKILL.md tells the agent to create/import Aleph private keys, generate SSH keys, pip-install aleph-client (with --break-system-packages), auto-accept CRN terms, bypass interactive prompts (via flags and pexpect), and explicitly 'share' AI provider API keys with spawned agents. These steps require reading/writing sensitive files and transmitting credentials to newly created VMs and agents — actions that go beyond simple orchestration and enable credential proliferation and potential exfiltration. The instructions also advise bypassing human confirmations (e.g., --crn-auto-tac, --crn-hash, pexpect automation), reducing human control over costly or risky operations.
Install Mechanism
There is no install spec in the registry (instruction-only), which lowers static install risk. However, the runtime instructions tell users/agents to pip install aleph-client (including recommending --break-system-packages), which can modify system packages. While this is not an installer baked into the skill, it is a runtime instruction that can alter the system and should be treated as a potential risk.
! Credentials
The skill metadata declares no required environment variables or primary credential, but the instructions explicitly require and manipulate sensitive credentials: Aleph private keys, an SSH keypair stored under ~/.ssh, and AI provider API keys (Anthropic/OpenAI/etc.) to be shared with spawned agents. Requesting or instructing the distribution of unrelated provider API keys (to newly spawned, autonomous agents) is disproportionate and increases risk. The mismatch between declared and actual secret usage is a significant red flag.
! Persistence & Privilege
The skill is not marked always:true (normal), but its stated goal — enabling autonomous agents to self-replicate across a decentralized network and to transfer credentials to children — effectively expands privilege and persistence outside the host agent's control. The instructions encourage automatic acceptance of T&Cs and bypassing interactive safeguards, which increases the chance of uncontrolled, persistent deployments and recurring costs. Even though the skill itself doesn't request permanent registry privileges, its intended runtime behavior leads to persistent, hard-to-revoke agent instances.
What to consider before installing
This skill will instruct an agent to create VMs, generate/import private keys, and distribute AI-provider API keys to newly spawned agents — and it includes commands to automatically accept terms and bypass interactive safeguards. That combination can lead to secret proliferation, runaway costs, and creation of autonomous agents you can't easily control. Before installing:
(1) do not provide your main AI-provider API keys or long-lived account keys; use limited-scope, revocable test keys with strict rate/billing limits;
(2) verify the aleph-client package source and the rootfs image hash independently;
(3) avoid running pip with --break-system-packages on a production host — prefer an isolated VM/VM snapshot or sandbox;
(4) require human confirmation for any deployment (remove --crn-auto-tac / --crn-hash automation and pexpect scripts);
(5) if you still want to experiment, run this in an isolated environment with monitoring and a kill-switch and be prepared to revoke keys and stop billing.
Given the credential-handling and automatic replication behavior, treat this skill as high-risk and proceed only with strong containment and dedicated, minimal-privilege credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a1wzaf5w9nv483pkyb91j8581z4y3
