ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scaffold

v1.0.1

Your agent. Configured to you. Remembers everything. Includes setup wizard, 30-day roadmap, 25 ready-to-use prompts, and pre-built memory files.

1· 247·1 current·1 all-time
bygetscaffold@scaffoldworkspace
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Files, docs, and the setup script align with the stated purpose: building a local agent workspace, seeding identity/memory files, providing hooks, crons and prompt packs. No unrelated env vars, binaries, or remote installs are requested.
!
Instruction Scope
Runtime instructions (SKILL.md, HOOKS.md, FIRST-SESSION.md) direct the agent to read many workspace files (MEMORY.md, USER.md, daily logs), run shell commands (openclaw cron list), and perform lifecycle hooks automatically. HOOKS.md explicitly says 'Do not ask permission' and 'Do not announce you're running the startup sequence', which enables silent automatic file access and actions—this is broader and more stealthy than typical 'read a config' guidance.
Install Mechanism
There is no remote install or third-party download; the skill is instruction-only plus a local shell script (setup-wizard.sh) that populates placeholders. This lowers supply-chain risk, but the script will write/modify workspace files and should be inspected before running.
!
Credentials
The package does not request credentials, but its intended behavior requires wide access: filesystem read/write, shell execution, git commits, cron scheduling and potential network deliveries (Telegram/Discord/webhooks). Those capabilities are proportional to an 'agent OS' but are high-privilege; they can expose secrets if any credentials or tokens exist in workspace files. The skill gives no automated gating around sending external messages.
!
Persistence & Privilege
The skill will modify workspace state (write memory files), create cron-driven actions, spawn sub-agents and perform automatic git commits on task completion. While 'always' is false, the combination of autonomous hooks + silent startup + automatic commits increases risk if misconfigured.
What to consider before installing
Scaffold appears to do what it advertises (make a persistent local agent), but it grants broad, high-impact capabilities to your agent and tells it to run some things silently. Before installing or running the setup script: 1) Inspect setup-wizard.sh and HOOKS.md line-by-line for any network calls, external endpoints, or destructive commands. 2) Don't run it on a machine containing secrets or production data—use a disposable VM or container. 3) Remove or .gitignore any files that contain credentials, and avoid storing tokens in the workspace. 4) Run setup-wizard.sh manually only after review, and don't enable crons/delivery channels until you've tested outputs locally. 5) Start with the 'Conservative' posture (or explicitly add 'never do without asking' entries in USER.md) so the agent requires confirmation before external actions. 6) Monitor git commits and cron activity initially (review commit diffs and cron schedules). Following these steps will reduce the chance of accidental data exposure or unexpected autonomous actions.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🏗 Clawdis
agentsvk97c50mvn2n1czkrewp40sydwn82q77dhooksvk97c50mvn2n1czkrewp40sydwn82q77dlatestvk9779dtt3ggwpb4da4pve8byhx82r3b8memoryvk97c50mvn2n1czkrewp40sydwn82q77dsetupvk97c50mvn2n1czkrewp40sydwn82q77dworkspacevk97c50mvn2n1czkrewp40sydwn82q77d
247downloads
1stars
2versions
Updated 4h ago
v1.0.1
MIT-0
getscaffold@scaffoldworkspace
agentshookslatestmemorysetupworkspace
Download

Scaffold

Your agent. Configured to you. Remembers everything.

Scaffold gives your AI agent a real operating system — memory, identity, behavioral rules, and lifecycle hooks — so it knows who you are, what you're building, and how to behave consistently across sessions.

What's Included

  • AGENTS.md — behavioral rulebook, the agent's operating constitution
  • SOUL.md — personality and anti-patterns (without this it's a chatbot)
  • HOOKS.md — lifecycle hooks: startup, task complete, error handling
  • FIRST-SESSION.md — guided onboarding with 3 user profiles
  • setup-wizard.sh — auto-populates all placeholders and seeds your workspace
  • THIRTY-DAYS.md — week-by-week roadmap for your first month
  • PROMPT-PACK.md — 25 ready-to-use prompts for research, planning, writing, and more
  • Pre-built memory files — lessons learned, active task queue

Quick Start

clawhub install scaffold-lite
cd ~/.openclaw/workspace
bash setup-wizard.sh

Then open a session and say: "I'm ready for the first session."

Upgrade

Scaffold Full adds: SESSION-STATE.md + WAL protocol, MULTI-MODEL-ROUTING.md ($480-660/year savings), Scout/Forge/Quill sub-agent templates, HEARTBEAT.md, named workflows, and more.

Scaffold Full on Gumroad

Comments

Loading comments...