ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Scout

v1.0.0

Create and configure Scout research assistant agent. Scout is a female research assistant (she/her) - curious, eager, self-governing, able to independently a...

0· 49·1 current·1 all-time
by@stefanferreira
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description (creating a research assistant with Telegram and research tools) matches the configuration steps provided. However, the SKILL.md expects external credentials and services (Telegram bot token, Brave Search API key, OpenAI as a memory provider) while the registry metadata declares no required env vars or credentials; the workspace path is set to /root/.openclaw/workspace which implies elevated or system-level access that is not explained.
!
Instruction Scope
Instructions direct the operator to set tokens and enable broad capabilities: web_search, web_fetch, memory_search (provider=openai), sessions_send and inter-agent sessions with agent:lourens:main. They reference verifying Brave Search API keys and bot tokens, and configure an allowlist. While these are relevant to a research agent, the instructions also hard-code system paths and grant inter-agent messaging and skill-provisioning privileges without listing the required credentials explicitly, increasing the chance of misconfiguration or unintended data access/exfiltration.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That lowers supply-chain risk.
!
Credentials
Registry metadata declares no required env vars, yet the instructions clearly require at least a Telegram BOT_TOKEN, potentially a Brave Search API key, and OpenAI credentials for memorySearch.provider. That mismatch is disproportionate: sensitive credentials are needed but not declared, and there is no guidance about scoping or limiting those credentials.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). However it instructs enabling sessions_send and allowing specific inter-agent sessions (agent:lourens:main), which grants the agent the ability to message other agents; this is consistent with the stated collaboration goal but increases blast radius if misconfigured.
What to consider before installing
This SKILL.md is plausible for creating a research agent, but it omits critical details and requests broad runtime capabilities. Before installing or running these commands: (1) Confirm and provision only the minimum credentials needed (Telegram BOT_TOKEN, Brave Search key, OpenAI key) and limit their scope and rotation; (2) Avoid using /root/.openclaw/workspace — choose a non-root workspace or explain why root is needed; (3) Review and approve the agent's tool permissions (web_fetch/web_search/memory) and inter-agent session targets (e.g., agent:lourens:main) so it cannot exfiltrate data or message other agents unexpectedly; (4) Add explicit declarations for required environment variables and any secrets in the skill metadata so you can audit them; and (5) If you cannot verify who controls Lourens or the referenced skills, do not enable sessions_send or cross-agent allowances until validated.

Like a lobster shell, security has layers — review code before you run it.

latestvk978pxd3shjkeemt0tfgjnk28184j1hr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments