Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Runtime

v1.0.0

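Agent runtime system. A complete agent runtime that integrates tool registration, permission control, hook interception, context compression, and usage tracking. Triggered when the user says "创建Agent" (create Agent), "运行Agent" (run Agent), "Agent Runtime", or "子代理" (sub-agent).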

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (agent runtime: tool registration, permission control, hooks, compaction, usage tracking) aligns with the actual code. The included classes (ToolRegistry, HookRunner, SessionCompactor, UsageTracker) implement the described features. Built-in tools (read_file, bash, search, todo) are consistent with an agent runtime that can run sub-agents and tools.
Instruction Scope
SKILL.md and the example show importing the included script and registering/using tools — no instructions ask for unrelated files or external endpoints. However, the built-in tool implementations permit arbitrary local file reads (fs.readFileSync) and arbitrary shell command execution (child_process.spawn). The HookRunner implementation is a no-op (always allows), and PermissionPolicy appears as a concept but is not enforced in the provided code, so the runtime as packaged grants broad tool access by default.
Install Mechanism
This skill is instruction-only with the included script; there is no install spec and no external downloads or package installs referenced. Nothing in the manifest pulls code from third-party URLs or package registries.
Credentials
No environment variables, credentials, or config paths are requested. That is proportionate to the declared purpose. Note: absence of declared secrets does not prevent the runtime from reading arbitrary local files or using shell commands to access environment data at runtime.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and there is no install-time persistence mechanism declared. It therefore does not demand elevated platform privileges beyond normal runtime invocation.
Assessment
This skill appears to be what it claims: an agent runtime. However, the shipped runtime exposes powerful built-in tools that can read any local file and execute arbitrary shell commands, and the provided HookRunner/Permission components do not enforce restrictions in the current implementation. Before installing or enabling this skill:
1) treat it as high-privilege: do not run it where it can access sensitive files or credentials;
2) require or implement proper permission policies and pre-hooks that validate/deny dangerous operations;
3) run it in a sandboxed environment (container/VM) if you must test it;
4) review and, if necessary, remove or harden the 'read_file' and 'bash' tool implementations (limit paths, avoid shell execution or require explicit approval);
5) request the full, non-truncated source and any missing modules so you can confirm there are no hidden network exfiltration paths.
If you need a safer runtime, ask the author for an explicit permission model and secure defaults (deny-by-default for DANGER/ADMIN tools).
scripts/agent-runtime.mjs:248
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.


Tags: agent, automation, latest, runtime, subagent
