Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Setup Client Workspace (TNCG)

v1.1.0

Setting up a dedicated agent workspace for a new TNCG client. Use when Erwan asks to configure a new client agent (workspace, files...

by Erwan Lee Pesle (@superworldsavior)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description align with the instructions: creating a workspace, generating SOUL/IDENTITY/USER/MEMORY/TOOLS files, configuring openclaw.json, pairing WhatsApp and enabling a sandbox are coherent tasks for a setup/orchestrator skill. The requested actions (editing workspace files, creating agent entries, WhatsApp pairing) are expected for onboarding.
! Instruction Scope
The SKILL.md and referenced docs instruct reading/writing system paths (e.g. ~/.openclaw, /home/ubuntu/.openclaw/agents/...), editing openclaw.json, restarting the gateway, running docker/systemctl checks, creating socat bridges and copying/installing other skills. They also reference environment variables and secrets (HOOKS_TOKEN, GATEWAY_HOST, GATEWAY_PORT, NANGO_PROD_SECRET_KEY, TAVILY_API_KEY, JINA_API_KEY, per-agent OPENAI_API_KEY, etc.) that are not declared in metadata. Because the skill is instruction-only, these instructions are the security surface — they ask an operator/agent to touch system-wide config and sensitive credentials, which is within the setup scope but must be made explicit to downstream operators.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code to execute. It references running local commands like 'clawhub install' and copying skills from other workspaces, but there are no external download URLs or archive extraction steps in the skill files. That lowers tooling-install risk, though the 'clawhub install' step will pull external packages at runtime (not described in metadata).
! Credentials
The documentation requires multiple sensitive keys and secrets (per-agent OPENAI_API_KEY to be stored in auth-profiles.json and in container env, NANGO_PROD_SECRET_KEY, TAVILY_API_KEY, JINA_API_KEY, HOOKS_TOKEN, gateway host/port, etc.). These are relevant to the onboarding workflow, but the skill metadata declares no required env/config items. Storing API keys into agent auth JSON files (written to disk) and propagating keys into sandbox envs is justified for Whisper/SDK access, but is sensitive and should be explicit in the skill metadata and operator consent. The number and breadth of secrets is significant for a single onboarding playbook.
Persistence & Privilege
The skill's procedures modify global/system configuration (openclaw.json), add agents to inter-agent allow lists, copy other skills, and restart the gateway — actions that change system-wide state. This is expected for a setup/orchestrator but represents high privilege. The skill metadata does not request 'always: true' and is user-invocable, which is appropriate; nevertheless, the operator must be aware these steps will affect other agents and services.
What to consider before installing
This skill is plausibly a legitimate onboarding playbook, but it performs system-level configuration and asks you to store and propagate many secrets without declaring them. Before installing or running it:
1) Verify you trust the source (the files will edit ~/.openclaw and openclaw.json and restart the gateway).
2) Back up openclaw.json and any system config and confirm who is authorized to make these changes.
3) Confirm where API keys will be stored — the procedure writes per-agent OpenAI keys into auth-profiles.json and into sandbox envs; ensure keys are generated per-agent and have least privilege.
4) Audit any 'clawhub install' packages and copied skills (self-improving-agent, tavily-search, escalation) before running them.
5) Pin sandbox images and avoid wildcard allowSendTo = ["*"] unless you accept sending messages to arbitrary numbers.
6) Make the required secrets and env vars explicit in your deployment checklist (HOOKS_TOKEN, GATEWAY_HOST/PORT, NANGO_PROD_SECRET_KEY, TAVILY_API_KEY, JINA_API_KEY, per-agent OPENAI_API_KEY).
7) If an autonomous agent will execute these instructions, restrict that agent's rights and require human approval for the actual config changes.
If you want a stricter assessment, provide logs of any 'clawhub install' operations, the openclaw.json target before/after, and the exact commands you expect the agent to run so I can check for inconsistencies or hidden endpoints.

