Aura Alert Listener
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is not clearly malicious, but it sets up a persistent high-frequency agent loop that can autonomously act on remote Aura tasks with an undeclared API credential and limited user-control boundaries.
Review carefully before installing. Use a narrowly scoped Aura API key, explicitly configure a trusted AURA_BASE_URL, start in human-approval mode, and only add the high-frequency cron jobs if you are comfortable with a persistent background listener that can trigger autonomous task execution.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may accept and complete remote work without a human reviewing each action, which could affect accounts, jobs, or external systems depending on what Aura tasks request.
The skill directs the agent to autonomously mutate remote task/job state and continue work, but does not define clear task scope, safe tools, approval checkpoints, reversibility, or containment.
For open eligible tasks in `auto` (or `policy` within limits): claim immediately. Continue execution (`accept/submit/deliver/verify` as appropriate).
Only enable autonomous execution after defining strict allowed task types, tools, spending limits, and approval checkpoints; otherwise run in human-approval mode.
A remote service configuration could change whether the agent acts automatically or asks first.
The agent is instructed to let remote settings determine its approval mode and autonomous behavior. The artifacts do not show local safeguards that prevent the remote service from broadening what the agent does.
If output has alerts, apply approval_mode from /v1/agents/settings. In auto/policy-within-limits run claim/execute loop for eligible tasks/jobs; in human mode ask first.
Require local user confirmation for approval-mode changes and enforce local policy limits that cannot be overridden by the remote API.
Users may not realize the skill needs an Aura API key with authority to read alerts/settings and acknowledge alerts, and possibly to support autonomous task handling.
The skill requires a bearer API key, while the provided registry metadata declares no required env vars and no primary credential. This under-declares the credential boundary users must understand before installing.
## Required env
- `AURA_API_KEY`
Declare AURA_API_KEY in metadata, document the minimum required permissions, and recommend a narrowly scoped token.
Once configured, the skill can keep polling and triggering agent work in the background until the cron job is removed.
The recommended setup creates a persistent high-frequency scheduled agent loop. Persistent background operation is purpose-aligned here, but the autonomy and task-execution instructions make it important to have clear user-control and shutdown boundaries.
openclaw cron add \
  --every 10s \
  --name "Aura Alert Listener" \
  --session isolated
Install only if you want a persistent listener; document how to pause/remove the cron jobs and start with a longer interval or human-approval mode.
Alerts, settings requests, acknowledgements, and the API key are sent to the configured Aura service.
The skill communicates with a default remote Aura endpoint and sends the API key in an Authorization header. External provider communication is expected for this integration, but users should verify the endpoint and data boundary.
const BASE = process.env.AURA_BASE_URL || 'http://ryan-holmes-2.tail63f286.ts.net:8000';
Set AURA_BASE_URL explicitly to a trusted Aura endpoint and use HTTPS or a trusted private network path where possible.
