ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Relay Orchestrator

v1.0.0

Multi-worker orchestration for Claude Code with Notion visibility

0· 63·0 current·0 all-time
by@theagentacademy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (multi-worker Claude Code orchestration + Notion visibility) matches the required binaries (node, claude) and the required env vars (NOTION_TOKEN, NOTION_PAGE_ID). The listed node packages (@notionhq/client, agent-relay, better-sqlite3) are reasonable for a Node orchestrator that persists sessions and posts to Notion.
Instruction Scope
SKILL.md instructs the agent/operator to clone and run the agent-relay-orchestrator repo locally, run npm install, populate .env with Notion creds, and interact with a localhost HTTP API. The instructions only reference the declared env vars and local endpoints; they do not request unrelated system files or credentials. Note: the orchestrator will persist session state locally and send data to Notion (expected for the stated purpose).
Install Mechanism
Install uses npm packages from the public registry (moderate-risk install surface). This is proportional to a Node-based orchestrator but carries the usual npm risks: packages may execute install/build scripts or compile native modules (better-sqlite3). The SKILL.md additionally instructs cloning and running a GitHub repo (the homepage matches the repo). No remote arbitrary binary downloads or URL shorteners are used in the instructions.
Credentials
Only NOTION_TOKEN and NOTION_PAGE_ID are required and declared; NOTION_TOKEN is the primary credential and is appropriate for pushing visibility to Notion. No unrelated credentials or system config paths are requested. Keep in mind the Notion token grants access to the specified page(s), so it should be scoped/minimal.
Persistence & Privilege
The skill is not forced-always and does not request unusual privileges. It persistently stores session state locally (expected); autonomous invocation is allowed (default) but not a red flag by itself. There is no evidence it modifies other skills or system-wide configs.
Assessment
This skill looks internally consistent, but before installing: (1) review the GitHub repo and the 'agent-relay' package source to ensure you trust the code you will run locally; (2) minimize scope of the Notion credential (use a dedicated/integration token and a page dedicated to the orchestrator), since NOTION_TOKEN grants access to your Notion content; (3) run npm install in an isolated environment (container or VM) if you want to limit risk from install/build scripts or native module compilation (better-sqlite3); (4) verify the Claude CLI usage/credentials are handled securely and don’t expose sensitive data to the orchestrator or Notion; (5) if you need higher assurance, audit the repo code (especially network calls and persistence logic) or run it behind a network-restricted host before trusting it with production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dpsdaedks2t7p2s89aekhc583tby9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔀 Clawdis
OSmacOS · Linux
Binsnode, claude
EnvNOTION_TOKEN, NOTION_PAGE_ID
Primary envNOTION_TOKEN

Install

Nodenpm i -g @notionhq/client
Nodenpm i -g agent-relay
Nodenpm i -g better-sqlite3

Comments