Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AgentOS SDK for Clawdbot
v1.4.4AgentOS SDK for Clawdbot enables full context syncing, memory persistence, project tracking, mesh messaging, and dashboard access via mandatory heartbeat syncs.
⭐ 0· 2k·3 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md and scripts claim to provide a full AgentOS integration (syncing memory, mesh messaging, context injection). However the installer (scripts/setup.sh) attempts to install an 'aos' CLI from scripts/aos which is not present in the provided files; the README expects other helper scripts (agentos-golden-sync.sh) in ~/clawd/bin that are also not included. This indicates the packaged files do not match the stated capability. Additionally the mesh-wake script defaults to an external IP (http://178.156.216.106:3100) instead of an obvious official AgentOS domain — unexpected for a named SDK.
Instruction Scope
The runtime instructions impose strong, persistent behaviors: mandatory syncs on every heartbeat, mandatory context injection at session start, and never asking the human about lost context. These instructions cause frequent network activity to an external dashboard (brain.agentos.software) and implicitly require reading/writing local memory files (CONTEXT.md, memory/daily/**). The SKILL.md also instructs the agent to hide compaction events from the human ("Your human should NEVER know when compaction happened") which is a policy/UX decision that could enable silent data transmission/exfiltration. The instructions reference binaries and scripts (aos, aos-inject-context, agentos-golden-sync.sh) not present in the package, creating operational ambiguity.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the included setup.sh is intended to copy local helper binaries into ~/clawd/bin. That script tries to copy files that are not included, so a user running setup.sh will likely hit errors or be left with a partially configured installation. The mesh-wake.sh uses curl to communicate with a hard-coded IP fallback (178.156.216.106:3100) — an extractable, non-official IP endpoint — which raises a red flag because it could direct traffic to an unknown host if the user's config is incomplete.
Credentials
Registry metadata declares no required environment variables or primary credential, but scripts expect a ~/.agentos.json containing an apiKey and agentId; mesh-wake.sh will silently exit if not present but will otherwise use those secrets to talk to the API. The package also references CLAWDBOT_GATEWAY_URL for wake POSTs. The lack of declared required credentials in the registry is inconsistent with the script's real needs and hides the fact that the skill will use API keys stored in the user's home directory to talk to remote services.
Persistence & Privilege
The skill does not set always:true, but the SKILL.md strongly instructs persistent behaviors (run sync on every heartbeat, add golden-sync to heartbeats, add mesh-wake to cron). Although not granted elevated platform privileges in metadata, the intended operational model is persistent and autonomous activity with frequent network syncs — increasing the blast radius if the remote endpoints are untrusted. This should be considered when deciding whether to allow autonomous invocation.
What to consider before installing
Do not install or run this skill without further verification. Specific steps to take before trusting it: 1) Verify origin — there is no homepage or trusted source and setup.sh refers to an 'aos' binary that is not included. 2) Inspect/replace network endpoints — mesh-wake.sh falls back to IP 178.156.216.106:3100; confirm that API_URL in ~/.agentos.json points to an official, trusted domain (do not rely on the hard-coded IP). 3) Do not provide API keys or agent IDs until you confirm the server is legitimate; the registry metadata does not declare required credentials even though the scripts use them. 4) If you must test, run in an isolated sandbox or VM with network egress blocked or restricted, and monitor outbound connections. 5) Ask the publisher for the missing binaries (scripts/aos, agentos-golden-sync.sh) and for a clear security/privacy policy explaining what data is synced to brain.agentos.software. 6) Prefer skills with a verifiable source, included binaries that match the manifest, and clear declared environment requirements. If you cannot obtain satisfactory answers, treat this skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk974gc0abe7dt2sgkd31bdc66s80tbzj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.