Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
fleet
v3.0.4Multi-agent fleet management CLI for OpenClaw. Coordinator agent tool for monitoring, dispatching tasks to, and observing a fleet of agent gateways. Operatio...
⭐ 2· 675·3 current·3 all-time
byOguzhan Atalay@oguzhnatly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (fleet management, dispatch, watch, trust scoring) match the declared requirements: bash, python3, curl, optional gh CLI, local config/state under ~/.fleet, reading OpenClaw workspace and agent session files. The optional LINEAR_API_KEY and gh integration are used only for optional CI/Linear features and examples.
Instruction Scope
SKILL.md instructs one-time loopback port scanning and reading ~/.openclaw/openclaw.json at init, and permits reading fleet-created session files for watch/steering — all are documented and within the stated purpose. These actions access sensitive local artifacts (session transcripts, agent tokens) so operator consent is required and is documented. The agentScope explicitly forbids autonomous package manager/sudo actions, which reduces scope creep.
Install Mechanism
No opaque download URLs: install paths are clawhub or manual git clone from a GitHub repo; self-update uses GitHub releases with SHA256 verification. Files in the package are shell and helper scripts (no hidden remote installers). Background update check to api.github.com is documented and opt-out via FLEET_NO_UPDATE_CHECK is provided.
Credentials
No required external secrets; only optional env vars (config overrides, FLEET_NO_UPDATE_CHECK, LINEAR_API_KEY). The skill stores agent gateway tokens in plaintext under ~/.fleet/config.json (init applies chmod 600 as documented). That plaintext storage is proportionate for local gateway auth but is a sensitive risk that the operator must accept.
Persistence & Privilege
Always:false (not force-included). The init flow writes a symlink to ~/.local/bin, creates ~/.fleet/, and may append a PATH export to a shell rc file — all within the user's home and explicitly documented with an opt-out/manual path. Autonomous agent invocation is allowed (platform default) but agentScope limits many risky actions (no sudo, no package manager installs, no modifying OpenClaw config).
Assessment
This skill appears to do what it says: manage a local fleet of OpenClaw gateways. Before installing, review and accept these facts: (1) fleet init performs a one-time loopback port scan and reads ~/.openclaw/openclaw.json to auto-detect gateways; (2) it stores agent gateway tokens in ~/.fleet/config.json in plaintext but sets file permissions to 600 (you should inspect the file and rotate tokens if concerned); (3) fleet may read fleet-named session transcript files (transcripts contain full conversation history) — ensure those directories are private; (4) a background GitHub release check contacts api.github.com once per 24h (disable with FLEET_NO_UPDATE_CHECK); (5) the installer may symlink to ~/.local/bin and append a PATH export to your shell rc unless you use the manual install path. If any of these are unacceptable, clone the repo and follow the documented 'skipInit'/manual steps so you control what is written. Finally, because the package contains many shell scripts and runs locally, inspect the repo (bin/fleet and lib/*) yourself or run it in an isolated account/container if you need extra assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk9718etd69b2ebjfpvtdn5w3n182yxfx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsbash, python3, curl