ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OrgX Power

v1.0.0

Power-user OrgX skill for OpenClaw. Use when you explicitly need the full mutation surface for entity CRUD, run control, checkpoints, stream reassignment, or...

0· 100·0 current·0 all-time
byHope Atina@hopeatina

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hopeatina/orgx-power.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OrgX Power" (hopeatina/orgx-power) from ClawHub.
Skill page: https://clawhub.ai/hopeatina/orgx-power
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install orgx-power

ClawHub CLI

Package manager switcher

npx clawhub@latest install orgx-power
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md documents an elevated 'power' set of OrgX mutation calls. Nothing requested (no env vars, no binaries) is out of scope for a purely-instruction skill that calls existing runtime plugin methods.
Instruction Scope
The instructions focus on calling elevated OrgX tools (create/update entities, run control, checkpoint restore). They do not ask the agent to read local files or unrelated env vars. However the doc explicitly references working against an 'unscoped /orgx/mcp endpoint' (i.e., bypassing domain-scoped safe surfaces), which is a potential scope escalation and should only be used where runtime authorization/audit controls are known.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no environment variables, credentials, or config paths. That is proportionate to an instruction-only skill that expects pre-existing runtime plugin capabilities.
!
Persistence & Privilege
The skill is user-invocable and allowed to be invoked autonomously by the agent (platform default). Because it exposes an elevated mutation surface, autonomous invocation increases blast radius if the runtime grants these operations without additional auth, human approval, or auditing.
What to consider before installing
This skill intentionally exposes the platform's full admin/mutation surface. Only install/use it if you trust the runtime and need these privileged operations. Before enabling: (1) confirm the runtime enforces authorization and audit logging for the listed orgx_* methods, (2) restrict use to trusted agents/operators and require human approval for high-risk actions, (3) avoid granting the skill to agents that can act autonomously unless you have additional safeguards (manual approval/workflow gates, rate limits, or scoping), and (4) prefer the safer domain-scoped 'orgx' skill unless an operation truly requires the unscoped endpoint. If you cannot verify those controls, do not install or disable autonomous invocation for this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk977a1t384zr66gzrx62hv1rzx83skfk
100downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Hope Atina@hopeatina
latest
Download

OrgX Power (OpenClaw)

Use this skill only when the caller explicitly needs the full mutation surface exposed by the OrgX OpenClaw plugin. This is the elevated counterpart to the default-safe orgx skill.

Use orgx by default. Use orgx-power when you need admin or orchestration operations that change entity state directly.

When to use this skill

  • creating or updating OrgX entities directly
  • reassigning streams or changing execution ownership
  • pausing, resuming, cancelling, or rolling back runs
  • listing or restoring checkpoints
  • inspecting or updating managed agent config policy
  • working against the unscoped /orgx/mcp endpoint rather than a domain-scoped safe surface

Elevated tool surface

These tools are part of the plugin registry, but are elevated and should be used intentionally:

  • orgx_apply_changeset
  • orgx_create_entity
  • orgx_update_entity
  • orgx_list_entities
  • orgx_reassign_stream
  • orgx_reassign_streams
  • orgx_delegation_preflight
  • orgx_run_action
  • orgx_checkpoints_list
  • orgx_checkpoint_restore
  • orgx_agent_sessions
  • orgx_resume_agent_session
  • orgx_clear_agent_session
  • update_agent_config
  • orgx_sentinel_catalog

The default-safe reporting tools still apply and should usually wrap elevated work:

  • orgx_emit_activity
  • orgx_request_decision
  • orgx_register_artifact
  • orgx_spawn_check
  • orgx_proof_status
  • orgx_verify_completion

Operating discipline

  1. Announce intent with orgx_emit_activity before making mutations.
  2. Prefer orgx_request_decision before irreversible or org-wide changes.
  3. Use orgx_apply_changeset when you need idempotent batched state updates.
  4. Register artifacts for anything another operator would need to inspect later.
  5. Verify completion and proof state after major mutations.

Examples

Batched entity mutation

orgx_apply_changeset({
  initiative_id: "aa6d16dc-d450-417f-8a17-fd89bd597195",
  idempotency_key: "run_abc_turn_7_commit_1",
  operations: [
    { op: "task.update", task_id: "task_uuid", status: "in_progress" },
    { op: "decision.create", title: "Use SSE for live updates", urgency: "medium" }
  ]
})

Reassign a stream

orgx_reassign_stream({
  initiative_id: "aa6d16dc-d450-417f-8a17-fd89bd597195",
  workstream_id: "7f8e2f61-...",
  domain: "operations",
  role: "reliability"
})

Run control

orgx_run_action({
  runId: "9d5c8b2b-...",
  action: "pause",
  reason: "Waiting for approval on production cutover"
})

Safety note

This skill assumes the runtime actually exposes the elevated tools. In the managed OrgX agent suite, many domain-scoped surfaces intentionally hide them. If a tool is unavailable, fall back to the safe orgx skill and request the necessary human decision or orchestration context.

Comments

Loading comments...