Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mission Control

v2.3.1

Kanban-style task management dashboard for AI assistants. Manage tasks via CLI or dashboard UI. Use when user mentions tasks, kanban, task board, mission con...

9· 7.3k·67 current·71 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the included files: a dashboard, CLI helper, and a GitHub webhook transform that wakes an agent. The included scripts and transform are generally coherent with the stated purpose (install UI, copy files, set webhook, wake agents).
Instruction Scope
SKILL.md instructs the agent to copy files into your workspace and into ~/.clawdbot/hooks-transforms, create ~/.clawdbot/mission-control.json, set up GitHub webhooks, enable Pages and configure Tailscale Funnel. That requires reading/writing local config and modifying the global hooks mapping (affecting gateway/hook behavior). Installing a transform that will receive external webhooks and wake agents is within scope but expands the agent's runtime surface significantly and touches other agent/global configs.
Install Mechanism
This is an instruction-only skill with no external download/install spec. All code is bundled in the skill and would be copied by the agent; there are no external URLs or archive downloads in the install spec.
Credentials
The feature legitimately needs GitHub tokens, a gateway hook token, and optional Slack tokens; these are surfaced in example configs. However the skill does not declare required env vars even though the transform will read environment variables and local files (e.g., gh CLI hosts.yml, ~/.clawdbot/clawdbot.json, ~/.clawdbot/secrets/github-webhook-secret). Reading the gh CLI token and other local secrets is functional but sensitive and not called out as a required permission in metadata.
Persistence & Privilege
The agent will create and modify files under ~/.clawdbot and in the chosen workspace and will copy a transform into the global hooks-transforms directory; that can alter global webhook handling for the Clawdbot/OpenClaw gateway. 'always' is false, but the transform is persistent and receives external requests. The skill may therefore change behavior of other hooks/tools if the agent edits ~/.clawdbot/clawdbot.json or similar global config (examples/docs show instructions to add hook mappings).
What to consider before installing
What to check before installing:
- Review the webhook transform (assets/transforms/github-mission-control.mjs) yourself. It will be copied to ~/.clawdbot/hooks-transforms and will receive GitHub push webhooks. Ensure you trust the code that will be executed on webhook events.
- Ensure a webhook secret is configured before enabling the transform. The transform's verifyHmac() will skip HMAC validation when the secret file is absent (it returns true), which would accept unauthenticated webhooks — set up and verify the secret file path in config before exposing the endpoint.
- Be aware the transform reads local GH CLI config (~/.config/gh/hosts.yml) to obtain tokens. If you do not want the skill to access your GitHub tokens, do not allow it to be installed or provide an alternative read-restricted token.
- The agent will create/modify files under ~/.clawdbot and the workspace, and documentation shows modifying the global hooks mapping. Back up your existing ~/.clawdbot configuration before installation and inspect any changes the agent proposes.
- Limit exposure: if possible, test in an isolated environment (throwaway workspace and throwaway GitHub repo) and use scoped tokens. Only provide Slack/GitHub/gateway tokens you are willing to expose to the skill's runtime.
- If multiple users can edit the dashboard (multi-user setup), treat all task content as untrusted input and configure agent sandboxing/permissions accordingly.

If you want, I can list the exact lines in the transform and scripts that read secrets or change global config and explain mitigation steps for each.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🎛️ Clawdis
