Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Preqstation
v0.1.8
Delegate PREQSTATION coding tasks to Claude Code, Codex CLI, or Gemini CLI with PTY-safe execution (workdir + background + monitoring). Use when building, re...
⭐ 0· 635·2 current·2 all-time
by @sonim1
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (delegate local coding tasks to claude/codex/gemini CLIs with worktrees/background/monitoring) aligns with the SKILL.md instructions. However, the published registry metadata and the SKILL.md disagree: the registry lists no required binaries and no env vars, but SKILL.md requires at least one engine binary (claude/codex/gemini) and also requires git on PATH. This metadata mismatch is unexpected and worth correcting before trusting the package manifest.
Instruction Scope
The instructions direct the agent to read and update MEMORY.md (project-to-path mappings), create git worktrees, and launch local CLIs in those worktrees using pty/background/monitoring. These actions are coherent for the purpose, but they involve modifying repository files and running arbitrary local binaries (claude/codex/gemini and any commands run via them) — a user should explicitly consent to the skill modifying MEMORY.md and executing in local workspaces. SKILL.md also references OPENCLAW_WORKTREE_ROOT (an environment variable) and enforces absolute-path validation; the skill both reads and writes local filesystem state, which increases risk if mappings point to sensitive directories.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or executed from remote URLs by the skill package itself.
Credentials
The skill does not request cloud credentials or secrets, which is appropriate. However, SKILL.md expects an optional OPENCLAW_WORKTREE_ROOT env var and requires git and engine binaries, while the registry metadata declares none. This inconsistency between declared requirements and runtime instructions is a proportionality/manifest problem: the skill will fail or behave unexpectedly if those runtime prerequisites are not present, and the package manifest does not advertise them.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation. It writes to its own MEMORY.md mapping file in the repository and creates per-task git worktrees under a configurable root; it does not claim system-wide or other-skills privileges. Still, autonomous invocation combined with the ability to launch local binaries and modify workspace mappings increases the blast radius — consider restricting autonomous invocation if you are concerned.
What to consider before installing
This skill is largely coherent with its stated purpose: it runs local coding CLIs in per-task git worktrees and keeps a MEMORY.md mapping of projects. Before installing, verify the following:
(1) you have and trust the local CLI binaries (claude/codex/gemini) and git — the skill expects them though the registry metadata does not list git or the env var;
(2) understand and approve that the skill will read and update MEMORY.md in the repository (it will store absolute paths you provide);
(3) ensure mappings do not point to sensitive system directories and that OPENCLAW_WORKTREE_ROOT (default /tmp/openclaw-worktrees) is acceptable;
(4) consider disabling autonomous invocation if you do not want the agent to autonomously launch local CLIs or modify files;
(5) ask the publisher to fix the package metadata (declare git as a required binary and OPENCLAW_WORKTREE_ROOT in requires.env) so the manifest matches runtime expectations.
If any of these are unacceptable or the metadata remains inconsistent, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Any bin: claude, codex, gemini
