ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Preqstation

v0.1.6

Delegate PREQSTATION coding tasks to Claude Code, Codex CLI, or Gemini CLI with PTY-safe execution (workdir + background + monitoring). Use when building, re...

1· 395·0 current·0 all-time
by@sonim1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to delegate coding tasks to local CLI engines (claude/codex/gemini) and to manage git worktrees; its declared prerequisites (git and at least one engine binary) and use of a per-task worktree are appropriate and proportional to that purpose.
Instruction Scope
Instructions direct the agent to read and update the skill's MEMORY.md (a Projects table of absolute paths) and to create and operate inside git worktrees derived from those paths. This is coherent with the stated goal, but it means the skill will be given access to arbitrary absolute project paths you provide and will run engine commands in those worktrees (i.e., it can execute arbitrary operations inside mapped project directories).
Install Mechanism
There is no install spec and no code files to install or execute; the skill is instruction-only, which minimizes supply-chain/install risk.
Credentials
The skill requests no secrets and only optionally uses OPENCLAW_WORKTREE_ROOT. That is appropriate. However, it requires the agent to resolve absolute filesystem paths (project_cwd) provided by the user and will create worktrees under a chosen root, so filesystem access is inherent and must be considered by the user (do not map sensitive system directories).
Persistence & Privilege
always:false and no special system config or other skills' config are requested. The skill will update its own MEMORY.md to store project mappings — this is expected behavior and limited to its repository file.
Assessment
This skill is coherent for delegating coding tasks to local CLI engines, but before installing: (1) ensure you have and trust the claude/codex/gemini CLI binaries the skill will invoke, (2) be aware it will read and update MEMORY.md in the skill repo to store absolute paths you provide and will run git/worktree commands and engine commands inside those mapped project worktrees, so only add project paths you control (avoid mapping system or sensitive directories), (3) confirm the OPENCLAW_WORKTREE_ROOT location (default /tmp/openclaw-worktrees) is acceptable, and (4) if you need more restriction, do not add mappings or grant the agent autonomous runs that will launch engine commands without explicit confirmation.

Like a lobster shell, security has layers — review code before you run it.

latestvk972zr2ghkpw4atydat5dffmks81tetm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binclaude, codex, gemini

Comments