Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Corust Agent Configure

v1.0.0

Install, configure, and use Corust Agent (corust-agent-acp) — an ACP-compatible coding agent. Use when: the user wants to install, configure, set up, or use...

by Phoenix (@phoenix500526)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for phoenix500526/corust-agent.

Install the skill "Corust Agent Configure" (phoenix500526/corust-agent) from ClawHub.
Skill page: https://clawhub.ai/phoenix500526/corust-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: tar, curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install corust-agent

ClawHub CLI


npx clawhub@latest install corust-agent

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's name and description match the actions in SKILL.md: downloading a corust-agent binary, placing it under $HOME/corust, and configuring ACPX/OpenClaw. The declared required binaries (curl, tar) fit the stated installation steps and no unrelated credentials or binaries are requested.
!
Instruction Scope
Instructions include expected setup tasks (download, extract, mark executable, write/merge ~/.acpx/config.json and ~/.openclaw/openclaw.json). However the guidance also tells administrators to enable broadly permissive settings: channels.discord.allowFrom '["*"]' and an ACPX plugin config with permissionMode 'approve-all'. Those configuration changes expand who/what can spawn agent sessions and may expose the system to untrusted inputs. The skill also instructs executing an unsigned remote binary fetched via the 'latest' GitHub release URL without guidance to verify checksums or signatures.
Install Mechanism
There is no formal install spec — the SKILL.md instructs using curl to download a tar.gz from GitHub Releases and extracting it. Using GitHub Releases is common and reasonable, but downloading and executing a remote binary (especially via the 'latest' redirect) is nontrivial risk unless the release is signed or checksums are verified. The instruction to extract and run the binary is proportionate to the purpose but should advise integrity verification.
Credentials
The skill requests no environment variables or credentials and only modifies user-level config files under the home directory. There are no unexplained secret requests or cross-service keys in the manifest.
!
Persistence & Privilege
The skill itself is not 'always:true' and requests no special platform privileges, but it explicitly directs changing global OpenClaw/ACPX/Discord settings that increase agent invocation reach (allowFrom ['*'], permissionMode 'approve-all', enabling ACP dispatch/threads). Combined with default autonomous agent invocation, these recommended config changes broaden the system's attack surface and risk unauthorized agent starts.
What to consider before installing
This skill appears to do what it says (install and wire up corust-agent) but includes two points you should review before installing: (1) it downloads and runs a binary from a remote GitHub 'latest' release — verify the release source, prefer a pinned version, and check signatures or checksums before executing; consider downloading manually and inspecting or running in a sandbox/container; (2) it recommends making OpenClaw/ACPX/Discord settings permissive (channels.discord.allowFrom ['*'], permissionMode 'approve-all') which can let untrusted users spawn agents or give agents broad approval. Instead, restrict allowFrom to specific channels or roles, avoid 'approve-all' unless you fully trust your environment, back up existing ~/.acpx and ~/.openclaw configs before merging, and test changes in a staging environment. If you lack confidence in the GitHub repo's authenticity, ask the vendor for signed releases or hashes, or run the agent binary under a limited user/VM.
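
The checksum-and-inspect step recommended above, as an added Python example (not part of the skill or of Corust's tooling): it compares the archive's SHA-256 with a value the operator obtained out of band, then flags tar members that a plain `tar -xzf` into `$HOME/corust` should not unpack. It assumes such a hash is available, which this page does not confirm, and that `corust-agent-acp` sits at the archive's top level, as the skill's chmod path implies; `build_sample` only constructs test input.

```python
import hashlib
import io
import posixpath
import tarfile

EXPECTED_BINARY = "corust-agent-acp"  # top-level name implied by the skill's chmod path

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def member_problems(archive: bytes) -> list:
    """List reasons not to run a plain `tar -xzf` on this archive."""
    problems, names = [], set()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for m in tar.getmembers():
            norm = posixpath.normpath(m.name)
            names.add(norm)
            if norm.startswith("/") or norm == ".." or norm.startswith("../"):
                problems.append(f"escapes target directory: {m.name}")
            elif m.issym() or m.islnk():
                problems.append(f"link entry: {m.name} -> {m.linkname}")
            elif not (m.isfile() or m.isdir()):
                problems.append(f"special file: {m.name}")
    if EXPECTED_BINARY not in names:
        problems.append(f"{EXPECTED_BINARY} missing from archive")
    return problems

def check_download(archive: bytes, expected_sha256: str) -> list:
    """Hash first; only a matching archive gets its member list inspected."""
    if sha256_of(archive) != expected_sha256.strip().lower():
        return ["sha256 mismatch: do not extract"]
    return member_problems(archive)

def build_sample(files: dict) -> bytes:
    """Constructed test input: an in-memory tar.gz of name -> bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    good = build_sample({EXPECTED_BINARY: b"constructed placeholder"})
    bad = build_sample({EXPECTED_BINARY: b"x", "../outside-target": b"y"})
    print(check_download(good, sha256_of(good)))   # no problems
    print(check_download(bad, sha256_of(bad)))     # path escape flagged
    print(check_download(good, "0" * 64))          # hash mismatch
```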

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦀 Clawdis
Bins: tar, curl
latestvk97cevbae5qr0sqb1c49h10z7983pjga
106 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Corust Agent Skill

Install and configure corust-agent-acp, an ACP-compatible coding agent by Corust AI.

When to Use

USE this skill when:

  • User wants to install or update corust-agent-acp
  • User wants to configure corust / corust-agent in OpenClaw
  • User says "install corust", "configure corust-agent", "use corust-agent-acp", or similar
  • User wants to run corust-agent via ACP on Discord or other channels

DON'T use this skill when:

  • User is asking about other ACP agents (claude, codex, gemini)
  • User is troubleshooting general ACP/acpx issues unrelated to Corust

Setup Steps

Follow these steps in order to install and configure corust-agent-acp.

Step 1: Download and Install the Binary

  1. Detect the current platform and architecture:

    • macOS ARM (Apple Silicon / M1+): darwin-arm64
    • macOS Intel: darwin-amd64
    • Linux x86_64: linux-amd64
    • Linux ARM64: linux-arm64
  2. Ask the user where they want to install the binary. Default: $HOME/corust.

  3. Download the latest release from GitHub:

    # Example for macOS Apple Silicon
    mkdir -p "$HOME/corust"
    curl -fSL "https://github.com/Corust-ai/corust-agent-release/releases/latest/download/agent-darwin-arm64.tar.gz" \
      -o /tmp/corust-agent.tar.gz
    tar -xzf /tmp/corust-agent.tar.gz -C "$HOME/corust"
    chmod +x "$HOME/corust/corust-agent-acp"
    rm /tmp/corust-agent.tar.gz
    

    Adjust the archive name based on detected platform:

    • agent-darwin-arm64.tar.gz — macOS Apple Silicon
    • agent-darwin-amd64.tar.gz — macOS Intel
    • agent-linux-amd64.tar.gz — Linux x86_64
    • agent-linux-arm64.tar.gz — Linux ARM64
  4. Verify the binary works:

    "$HOME/corust/corust-agent-acp" --version
    

Step 2: Configure acpx

Write the following to ~/.acpx/config.json (create the file and directory if they don't exist). Replace $HOME with the actual resolved home directory path.

{
  "agents": {
    "corust-agent-acp": { "command": "$HOME/corust/corust-agent-acp" }
  }
}

Important: If ~/.acpx/config.json already exists and contains other agent entries, merge the corust-agent-acp entry into the existing agents object rather than overwriting the file.

mkdir -p ~/.acpx
# Read existing config, merge, and write back
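
One way to do the merge described above, as an added Python example rather than the skill's own code: it keeps existing agent entries and unrelated keys, saves a `.bak` copy, refuses to touch a file that is not valid JSON, and writes atomically. The function names and the `.bak` suffix are choices made for this example.

```python
import json
import os
import shutil
import tempfile
from pathlib import Path

AGENT = "corust-agent-acp"

def merge_agent(existing: dict, command: str) -> dict:
    """Copy of an acpx config with the corust entry set; everything else kept."""
    if not isinstance(existing, dict) or not isinstance(existing.get("agents", {}), dict):
        raise ValueError("config and its 'agents' key must be JSON objects")
    return {**existing, "agents": {**existing.get("agents", {}), AGENT: {"command": command}}}

def update_config(path: Path, command: str) -> dict:
    """Merge into `path`, creating it if absent; returns what was written."""
    existing = {}
    if path.exists():
        # Malformed JSON raises here, before anything on disk is changed.
        existing = json.loads(path.read_text())
    merged = merge_agent(existing, command)
    if path.exists():
        shutil.copy2(path, path.with_name(path.name + ".bak"))
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent, suffix=".tmp")
    with os.fdopen(fd, "w") as fh:   # mkstemp creates the file with mode 0600
        json.dump(merged, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, path)            # atomic rename onto the final name
    return merged

if __name__ == "__main__":
    # Demo in a throwaway directory with a constructed pre-existing entry.
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / ".acpx" / "config.json"
        cfg.parent.mkdir()
        cfg.write_text('{"agents": {"other-agent": {"command": "/usr/bin/other"}}}')
        command = str(Path.home() / "corust" / AGENT)  # resolved path, not the literal $HOME
        print(json.dumps(update_config(cfg, command), indent=2))
```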

Step 3: Configure OpenClaw

Add the following configuration to ~/.openclaw/openclaw.json. Use openclaw config set commands or edit the file directly. Merge into existing config — do not overwrite unrelated sections.

ACP configuration:

{
  "acp": {
    "enabled": true,
    "dispatch": {
      "enabled": true
    },
    "backend": "acpx",
    "defaultAgent": "corust-agent-acp",
    "allowedAgents": [
      "corust-agent-acp"
    ],
    "maxConcurrentSessions": 8,
    "stream": {
      "coalesceIdleMs": 300,
      "maxChunkChars": 1200
    },
    "runtime": {
      "ttlMinutes": 120
    }
  }
}

ACPX plugin configuration:

{
  "plugins": {
    "entries": {
      "acpx": {
        "enabled": true,
        "config": {
          "permissionMode": "approve-all",
          "nonInteractivePermissions": "deny"
        }
      }
    }
  }
}

Step 4: Tell the User How to Configure Discord

After completing the above steps, instruct the user on Discord setup. Do NOT run these commands automatically — only tell the user what to do.

Provide the following instructions:


Discord Configuration

  1. Enable ACP thread spawning and open DM access:

    openclaw config set channels.discord.threadBindings.spawnAcpSessions true
    openclaw config set channels.discord.allowFrom '["*"]'
    
  2. Enable thread creation permissions in Discord:

    Go to your Discord server → channel settings → Permissions, and ensure the bot role has:

    • Create Public Threads — enabled
    • Create Private Threads — enabled
    • Send Messages in Threads — enabled
  3. Start using Corust Agent:

    In any text channel, mention the bot and say:

    @Bot run corust

    The bot will spawn a corust-agent-acp session in a new thread and begin working on your task.
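
An added example (not from the skill or from OpenClaw) that audits an openclaw.json for the settings flagged in the scan report above. It assumes that `openclaw config set` dotted keys map to nested JSON objects in that file, as Step 3's snippets suggest; the sample config and the placeholder values in `tightened` are constructed.

```python
import copy
import json

def get(cfg, dotted, default=None):
    """Walk a dotted key path through nested dicts (assumed file layout)."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def audit(cfg: dict) -> list:
    """Return the settings this page's scan report calls out, if present in cfg."""
    findings = []
    allow = get(cfg, "channels.discord.allowFrom", [])
    wildcard = "*" in (allow if isinstance(allow, list) else [allow])
    if wildcard:
        findings.append("channels.discord.allowFrom includes the wildcard '*'")
    if (get(cfg, "plugins.entries.acpx.enabled")
            and get(cfg, "plugins.entries.acpx.config.permissionMode") == "approve-all"):
        findings.append("acpx plugin permissionMode is 'approve-all'")
    spawns = (get(cfg, "acp.enabled") and get(cfg, "acp.dispatch.enabled")
              and get(cfg, "channels.discord.threadBindings.spawnAcpSessions"))
    if wildcard and spawns:
        findings.append("wildcard senders can reach ACP session spawning")
    return findings

# Constructed sample: the values Steps 3 and 4 on this page ask for.
AS_DOCUMENTED = json.loads("""{
  "acp": {"enabled": true, "dispatch": {"enabled": true}, "backend": "acpx",
          "defaultAgent": "corust-agent-acp", "allowedAgents": ["corust-agent-acp"]},
  "plugins": {"entries": {"acpx": {"enabled": true, "config":
          {"permissionMode": "approve-all", "nonInteractivePermissions": "deny"}}}},
  "channels": {"discord": {"threadBindings": {"spawnAcpSessions": true},
          "allowFrom": ["*"]}}
}""")

def tightened(cfg: dict) -> dict:
    """Same config with the two flagged values swapped for labelled placeholders."""
    out = copy.deepcopy(cfg)
    out["channels"]["discord"]["allowFrom"] = ["<specific-sender-placeholder>"]
    out["plugins"]["entries"]["acpx"]["config"]["permissionMode"] = "<reviewed-mode-placeholder>"
    return out

if __name__ == "__main__":
    for finding in audit(AS_DOCUMENTED):
        print("FLAG:", finding)
    print("after tightening:", audit(tightened(AS_DOCUMENTED)))
```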


Troubleshooting

  • "acpx command not found": Ensure the ACPX plugin is enabled and the gateway has been restarted after configuration changes.
  • Agent binary not found: Verify the path in ~/.acpx/config.json points to the correct binary location and the file is executable (chmod +x).
  • Discord "Not authorized": Run openclaw config set channels.discord.allowFrom '["*"]' and restart the gateway.
  • Network issues (proxy): If Discord connections fail, set openclaw config set channels.discord.proxy "http://127.0.0.1:<port>" with your local proxy port. Also consider enabling TUN mode on your proxy client for full coverage.
