ClawHub

Agent Council

v1.0.0

Complete toolkit for creating autonomous AI agents and managing Discord channels for OpenClaw. Use when setting up multi-agent systems, creating new agents, or managing Discord channel organization.

10· 7k·66 current·75 all-time
by@itsahedge
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match included scripts: create-agent.sh, setup_channel.py, rename_channel.py. The scripts perform agent workspace creation, gateway config patching, cron setup, and call the Discord API — all coherent with a toolkit for creating agents and managing Discord channels.
Instruction Scope
Runtime instructions and scripts instruct the agent/operator to: create workspaces and files under a user-provided path, patch gateway configuration (and trigger gateway restart), add cron jobs, and call Discord APIs. The scripts also read the user's OpenClaw config (~/.openclaw/config.json) to extract the Discord bot token and guild ID. These actions are within the skill's purpose but involve sensitive config access and can change gateway systemPrompts and agent behavior — so they warrant careful review before running.
Install Mechanism
Instruction-only skill with bundled script files; there is no network install or archive downloads. Nothing is automatically fetched from arbitrary URLs during install, lowering install-time risk.
!
Credentials
Registry metadata declared no required config paths or credentials, but the Python scripts explicitly read ~/.openclaw/config.json to obtain the Discord bot token and guild id (sensitive). The skill also uses OPENCLAW_WORKSPACE and DISCORD_CATEGORY_ID as optional environment variables. The metadata omission is an inconsistency: sensitive config access is required for Discord integration but not declared.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It can apply gateway config patches and create cron jobs (via openclaw CLI) which affect system behavior — appropriate for its function but a meaningful privilege. Review and confirm gateway patches before applying. Autonomous invocation default is unchanged.
Scan Findings in Context
[system-prompt-override] expected: SKILL.md and the scripts explicitly set or update channel 'systemPrompt' entries in gateway config. The pattern flagged by the scanner matches this legitimate behavior, but it also means the skill can change system prompts which alter agent/system behavior — review changes before applying.
What to consider before installing
What to check before installing/running: - Source and provenance: The skill has no homepage and the source is 'unknown'. Prefer installing only from trusted sources or inspect the code fully first. - Inspect config access: The Python scripts read ~/.openclaw/config.json to retrieve the Discord Bot token and guild ID. This file contains sensitive credentials. Verify the file contents and ensure the bot token has minimal permissions (only what you need) and that you trust the token's usage. - Confirm metadata mismatch: The registry metadata claims no required config paths/credentials, but the code reads your OpenClaw config — treat this as an inconsistency and assume it will access that file. - Review generated patches and outputs: The scripts build and print gateway config patches and call openclaw gateway config.patch and may restart the gateway. Do not run config.patch blindly; copy the printed JSON and review it before applying. Consider running in a test environment or with a backup of your gateway config. - File modifications: create-agent.sh will write files into any workspace path you provide and optionally add cron jobs. rename_channel.py can search and modify workspace markdown files when you opt in. Back up important workspaces before running rename operations. - Cron jobs & automation: If you accept the daily memory cron, it will create a job that runs under OpenClaw and may cause the agent to write summaries into your workspace. Confirm the cron contents and the session ID used. - Limit Discord bot scope: Use a bot token with the least privilege (Manage Channels only if necessary) and consider creating a separate test guild to validate behavior first. - Run in isolated/test environment first: Because the skill can change gateway/systemPrompts, restart the gateway, and use your bot token, test it on a non-production OpenClaw instance or backup configs first. - If you are unsure: Do not run the scripts as-is. At minimum, open and read the three scripts and README in full, and verify printed config patches before calling openclaw gateway config.patch. If you want, I can list the exact lines where the scripts read ~/.openclaw/config.json and where openclaw/Discord API calls are made so you can inspect them more easily.

Like a lobster shell, security has layers — review code before you run it.

latestvk975b9szqk2zc08kj7anv90fy980gvgk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments