Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
agent-init
v1.0.0Initialize and configure OpenClaw agent workspace MD files (AGENTS.md, SOUL.md, IDENTITY.md, USER.md, TOOLS.md, BOOTSTRAP.md, HEARTBEAT.md). Use when: settin...
⭐ 0· 220·0 current·0 all-time
byteamclaw@szsip239
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and included templates/scripts align with the stated goal of initializing OpenClaw workspace MD files. The files (SKILL.md, templates, workspace guide) and the check-env script are coherent for generating and writing agent workspace files.
Instruction Scope
Runtime instructions are focused on interviewing the user, checking environment, and showing/writing workspace files to host or container. They require reading the existing AGENTS.md and other workspace files and run docker exec or file-write commands as expected. The SKILL.md also instructs never to include secrets and to show generated content before writing — which is responsible. However, the instructions include an optional automatic install step that downloads and executes a script from a remote host (astral.sh), which expands the skill's scope to performing network installs on the target system.
Install Mechanism
There is no formal install spec, but scripts/check-env.sh uses curl -LsSf https://astral.sh/uv/install.sh | sh to install 'uv' when run with --install. Downloading and piping an arbitrary install script from an external personal/unknown domain is a high-risk install pattern because the script will be executed with shell privileges and there is no signature or checksum verification. The rest of the skill is instruction-only and writes files via cat/docker exec (expected).
Credentials
The skill does not request environment variables, credentials, or config paths beyond reading/writing workspace files. That is proportional to the described task. Minor oddity: .claude/settings.local.json contains a permission allowing a specific git ls-files command against a local path (/Users/clawdbot/.../data/skills/agent-init/), which looks like a leftover local test/permission entry but does not itself require new credentials.
Persistence & Privilege
always is false and the skill does not claim to force-enable itself or modify other skills. It writes per-agent workspace files and uses container/host write methods as expected. No elevated persistent privileges are requested.
What to consider before installing
This skill otherwise appears coherent for creating and updating OpenClaw workspace files, but stop and review before running any automatic installer. The included script suggests installing 'uv' via piping a script from https://astral.sh/install.sh — downloading and running shell scripts from an unknown domain is risky. Before using the skill: (1) Inspect the install script at the URL yourself (do not pipe blindly to sh); (2) prefer installing 'uv' via your OS/package manager or a verified release if available; (3) run the check-env script in a safe/test environment or container first; (4) back up existing AGENTS.md/SOUL.md/etc. and confirm the skill won't overwrite critical sections (SKILL.md instructs to extend not replace — follow that); (5) confirm the container and workspace paths are correct for your instance; and (6) avoid putting secrets into generated workspace MD files because they are injected into prompts every turn.Like a lobster shell, security has layers — review code before you run it.
latestvk971nn8ynb0cardgjjxkratd1s82vgzv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.