Preqstation
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: preqstation-openclaw Version: 0.1.6 This skill is classified as suspicious primarily due to its explicit instructions to disable sandboxing for the underlying coding agents (Claude, Codex, Gemini) using flags like `--dangerously-skip-permissions`, `--dangerously-bypass-approvals-and-sandbox`, and `GEMINI_SANDBOX=false` in SKILL.md. While the skill attempts to mitigate risk through worktree isolation and other 'safety gates' (also defined in SKILL.md), disabling these critical security features creates a significant vulnerability. Additionally, the skill instructs the agent to clone arbitrary user-specified repositories for PR review and to read/write user-provided absolute paths to MEMORY.md, further increasing the attack surface if the agent's internal instructions are bypassed or misinterpreted.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A coding agent could modify files or run project commands with fewer safety checks than the user expects.
This tells the agent it may use flags that disable sandbox or approval protections when launching local coding agents. The behavior is related to the skill purpose, but it is high-impact and not gated by explicit user approval in the provided text.
Use `dangerously-*` / sandbox-disable flags only for actual coding execution with local trusted CLIs.
Require explicit user confirmation before using any sandbox-disabling or dangerous flag, and prefer sandboxed/default CLI modes unless the user knowingly opts out.
Separate coding tasks may accidentally edit the same workspace or branch, making it harder to review, revert, or isolate changes.
The text calls this a per-task worktree, but the shown path and branch are keyed only by project. Multiple tasks for the same project could share the same branch/worktree, causing changes or running sessions to interfere with each other.
directory: `<worktree_root>/<project_key>` ... `git -C <project_cwd> worktree add -b codex/<project_key> <cwd> HEAD`
Use a unique task ID or timestamp in every worktree path and branch name, and avoid launching a new task if another session is already active in the same worktree.
Local project paths will be saved in the skill’s memory file and reused in later tasks.
The skill persists local workspace path mappings for later reuse. This is purpose-aligned, but stored paths can reveal project locations and an incorrect mapping could redirect future coding work.
This skill reads and updates `MEMORY.md` project mappings with absolute paths.
Review `MEMORY.md` periodically, keep only intended project paths, and confirm mappings before running coding agents.
A coding task may keep running in the background and continue changing files until monitored or stopped.
The skill supports long-running background CLI sessions. This is disclosed and related to coding-agent execution, but users should be aware that work may continue after the initial response.
use `background:true` only when asynchronous execution is needed ... monitor background sessions with `process action:poll` and `process action:log`
Check active sessions, review logs, and stop background tasks when they are no longer needed.