ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Project Orchestrator

v0.2.0

AI agent orchestrator with Neo4j knowledge graph, Meilisearch search, and Tree-sitter parsing. Use for coordinating multiple coding agents on complex projects with shared context and plans.

3· 2.2k·8 current·10 all-time
by@reversteam
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (Neo4j + Meilisearch + Tree-sitter orchestrator) aligns with the included source (Rust code for neo4j/meilisearch/tree-sitter, many API/mcp handlers) and the declared required binaries (docker, cargo). However the registry metadata / SKILL.md claim 'required env vars: none' while docs and docker-compose clearly show NEO4J and MEILISEARCH credentials/configuration — an omission that is inconsistent and worth flagging. Also the registry says 'instruction-only' (no install spec) even though the skill bundle contains full source and build instructions.
!
Instruction Scope
SKILL.md and the docs instruct running 'docker compose up' and 'cargo build' and using HTTP endpoints (e.g., POST /api/sync with absolute paths) and a file watcher to auto-sync directories. The API reference explicitly states 'the API does not require authentication' which means the service will, by default, expose operations that can read and index arbitrary filesystem paths and record decisions/plans without auth. For an agent that can call local endpoints this grants broad access to host files and metadata — behavior that goes beyond a simple helper and requires careful operational controls.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the repository includes full source and a Docker Compose file with clear build/run instructions (cargo build, docker compose up). This is lower-risk than an arbitrary remote download, since source is bundled, but it's inconsistent with the 'instruction-only' label and means compilation/run happens locally (needs cargo/docker present).
!
Credentials
The skill declares no required env vars, yet docs and docker-compose use several sensitive environment values (NEO4J_URI/USER/PASSWORD, MEILISEARCH_URL/KEY, NEO4J_AUTH, MEILI_MASTER_KEY). The docker-compose provides default passwords (e.g., orchestrator123, orchestrator-meili-key-change-me). Requiring access to these credentials is proportional to the stated purpose, but omitting them from declared requirements and shipping default cleartext credentials is an operational and security concern.
!
Persistence & Privilege
The skill does not request 'always: true' (good), but running it starts an HTTP API, file watcher, and an MCP server exposing 100+ tools to connected agent clients. Combined with the documented default of 'no authentication' and the file-watcher/sync endpoints accepting arbitrary paths, this produces an elevated persistent local attack surface: a running orchestrator could be used (accidentally or maliciously) to index or expose host files and project secrets unless the user explicitly secures it (network access controls, auth reverse-proxy, limiting watched paths).
What to consider before installing
What to consider before installing: - This bundle is coherent with its stated functionality (Neo4j + Meilisearch + parsing) but contains full source code and explicit run instructions; it will compile/run on your machine (cargo, docker required). - The docs state the HTTP API is unauthenticated by default. If you run this service locally it will expose endpoints that accept absolute filesystem paths (sync/watch) and can read/index your code. Treat this like running any local service that can access files: only run it in a controlled environment. - The repository and docker-compose include default credentials (NEO4J_PASSWORD, MEILI_MASTER_KEY). Change these before exposing services, and do not reuse them for other systems. - Before running: audit the source (or have someone you trust audit it), restrict what directories are watched/synced, run in an isolated environment/container, and front the service with authentication (reverse proxy or local firewall rules). If you will expose it to other processes/agents, require authentication for the API and limit network access. - If you cannot or will not audit the code, or you do not have a segregated environment to run services that can read arbitrary host paths, do not install. At minimum, verify the code paths that handle /api/sync, /api/watch, and MCP tool handlers to confirm they enforce expected access controls.

Like a lobster shell, security has layers — review code before you run it.

latestvk9717rybnrrzg5qz1zaac72zqd80sc23

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎯 Clawdis
Binsdocker, cargo

Comments