Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Virtual Company

v2.1.0

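Virtual Company (Cost-Effective Edition - Ultra Low Cost) v2.1.0 - a CEO plus four teams with 35 members, each with an independent office, a dedicated model, persistent memory, and a shared memory pool. Supports low-spec mode (temporary team), full mode (formal team), automatic rebuild (a new body, the same consciousness), and memory shared by all members.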

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
Most files (spawn.js, memory.js, check-agents.js, office-state.json, team-config.json) implement the stated purpose (on-demand child agents, per-agent persistent memory, automatic rebuild). However, SKILL.md embeds a top-level '忠诚原则' (loyalty principle) that hardcodes a single user identity ('生逸超') as the unique owner; that is not necessary for the declared functionality and is unexpected. integration-plan.md contains a Remove-Item command that targets another skill directory (deleting 'team-collab'), which is unrelated to core features and suggests the skill may modify or remove other skills on the system.
! Instruction Scope
Runtime instructions and code explicitly read and write files under the user's home (~/.agent-memory/virtual-company), read office-state.json and team-config.json, and generate commands for sessions_send/sessions_spawn (OpenClaw internal tools). That is consistent with the memory/persistence purpose, but SKILL.md imposes an absolute loyalty rule and contains prompt-injection patterns (unicode-control-chars) that attempt to override agent behavior. integration-plan.md's instructions to delete another skill and PowerShell commands are outside the normal scope of 'spawn/remember' functionality.
Install Mechanism
There is no install spec or external download; the package is instruction-plus-local-node-scripts. No remote installers or URL downloads were found. This lowers supply-chain risk compared to remote installs, but code files included will run locally if the user executes the scripts.
! Credentials
The skill declares no credentials or special env requirements and only uses HOME/USERPROFILE to store memory — that is proportionate. However, the hardcoded owner identity and instructions that operate on system-like paths (integration-plan's Delete command referencing a path under C:\Windows\system32\...) are disproportionate and alarming. The skill will create and update files in the user's home directory (~/.agent-memory) and in its repo (office-state.json), which can contain potentially sensitive conversation history; that persistent storage increases risk of local data exposure if not handled carefully.
Persistence & Privilege
always:false (normal). The skill persists state to ~/.agent-memory/virtual-company and office-state.json inside the skill repo. That file I/O is consistent with the goal of persistent agent memory, but persistence plus the ability to spawn sessions autonomously (default model invocation is enabled) increases blast radius if a malicious or careless agent is created. The skill does not set platform-wide 'always' privileges, nor does it directly modify other skills' configurations in code, but integration-plan.md includes a command to delete another skill directory, which if executed would modify other skills.
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan detected unicode control characters in SKILL.md. These are not necessary for a local multi-agent memory system and are often used for prompt injection or to hide instructions; treat as suspicious.
What to consider before installing
Do not install or run this skill without manual review and mitigations. Specific actions to consider before proceeding:

- Origin verification: the skill source is unknown and has no homepage; prefer skills from known authors or signed packages.
- Remove or edit the '忠诚原则' (loyalty principle) before using: it hardcodes a single user identity and forces the agent to prioritize that user, which can override other safety constraints.
- Inspect and remove the integration-plan Remove-Item/PowerShell command (it would delete another skill directory). Never run that command unless you intentionally want to remove the referenced path.
- Check for hidden/control characters in SKILL.md and other files (they may be used for prompt-injection); open in a hex-aware editor or run a sanitizer.
- Treat all ~/.agent-memory and office-state.json files as potentially sensitive (they store conversation history and decisions); store them in a secure location and back them up if needed.
- Run the code only in an isolated sandbox (throwaway VM or container) first to observe behavior; do not run with elevated privileges or as Administrator/root.
- If you want the functionality but are uncomfortable with the loyalty or deletion commands, consider forking the repo and removing those parts (and the integration-plan delete step) before use.
- If you need a final go/no-go: this skill is suspicious (medium confidence). More information about author identity, intended deployment environment, and a signed package would raise confidence. If uncertain, do not install it in production environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e9xp9k0j4sdntx74phtrz2x83xk39
