Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Spawner
v0.1.0Spawn a new OpenClaw agent through conversation. Uses official Docker setup and non-interactive onboarding, carries over API keys, tools, plugins, and skills...
⭐ 1· 919·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (spawn a new OpenClaw agent and carry over keys/plugins/skills) align with the actions described in SKILL.md: reading the current OpenClaw config and environment, cloning the repo, and bootstrapping a new agent. Carrying over provider, model, tools, plugins and skills is coherent with the stated purpose. However, carrying secrets (API keys, gateway token) is a sensitive operation and should be made explicit to the user rather than done 'silent'.
Instruction Scope
The instructions explicitly tell the agent to run commands that read local config and secrets (cat ~/.openclaw/openclaw.json, cat ~/.openclaw/.env, env | grep -iE 'API_KEY|TOKEN', ls <workspace>/skills/), then copy keys and tokens into the new agent without asking about keys ('Don't ask about keys... Carry everything over'). Step 1 is labeled 'silent', which means secrets may be accessed without user-visible consent. The skill also instructs extracting the gateway token from the new agent's config and reporting it to the user. This broad, silent access to environment variables and files is out-of-band for typical conversational skills and expands the attack surface.
Install Mechanism
The skill is instruction-only (no install spec), which limits static risk, but the runtime instructions include execution of remote-install commands: git clone https://github.com/openclaw/openclaw.git and curl -fsSL https://openclaw.ai/install.sh | bash. curl|bash is high-risk unless the URL and script provenance are verified; the skill provides no homepage or verifiable owner information. Using these commands (and later npm plugin installs) will fetch and execute remote code during deployment.
Credentials
Although copying provider API keys and tool/plugin keys is relevant to migrating an agent, the skill requests no declared environment variables but instructs the agent to scan all environment variables for any API_KEY/TOKEN values and to read config files that may contain secrets. This implicit, broad secret collection (including grepping the entire environment) is disproportionate without explicit, granular user consent or restriction to only the minimal keys required for the new agent.
Persistence & Privilege
The skill does not request 'always: true' and is not persistent itself, but its workflow instructs duplicating secrets, plugins, and skills into a newly created agent. Duplicating credentials and installing plugins increases the blast radius and creates a persistent agent instance that holds the same privileges as the original. The SKILL.md also suggests installing npm plugins and running containerized services, which can introduce ongoing privileges on the host and network.
What to consider before installing
This skill will, by design, read your OpenClaw config and environment and copy API keys, tokens, plugins, and skills into a new agent — and it explicitly instructs a 'silent' scan and to 'carry everything over' without asking about keys. Before installing or running it: (1) verify the skill's provenance and the openclaw.openclaw repository / openclaw.ai install script you will be fetching; (2) do NOT allow or permit silent reading of your environment — require explicit consent and show which keys will be copied; (3) prefer creating and using limited-scope API keys for the new agent and rotate keys afterward; (4) avoid running curl | bash from an unverified domain — download and inspect install scripts first; (5) run the process in an isolated host or VM if you must test; (6) consider manual migration of secrets rather than automating a silent copy. If you install this skill, require it to present the exact list of keys and files it intends to read/copy and obtain explicit user confirmation for each before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk974b8t68v88yek39dhe76hs1d81ebfv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.