Agent HQ
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-hq Version: 1.0.1 The skill instructs the agent to clone an external GitHub repository (`https://github.com/thibautrey/agent-hq.git`) and install its Node.js dependencies via `npm install`, introducing supply chain risks as the content of the external repository and its dependencies are not analyzed. Additionally, it instructs the agent to configure cron jobs for application automation, which establishes persistence. While these actions align with the stated purpose of deploying an application, they represent significant high-risk capabilities without clear evidence of intentional malicious behavior within the provided `SKILL.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You would be running code and dependencies from outside this skill package.
The setup relies on an external GitHub repository and npm dependency installation that are not bundled or pinned in the provided artifact.
git clone https://github.com/thibautrey/agent-hq.git cd agent-hq npm install npm --prefix frontend-react install
Review the repository, pin a trusted tag or commit, and inspect dependency files before installing.
If these credentials are mishandled, someone could send messages through your Telegram bot or learn the target chat.
The skill expects Telegram credentials for notifications, which is purpose-aligned but sensitive and not declared in the registry credential requirements.
Edit `config/telegram.json` with your `botToken`/`chatId` (or set `AGENT_HQ_TELEGRAM_TOKEN`/`AGENT_HQ_TELEGRAM_CHAT_ID`). Keep this file secret.
Use a dedicated low-privilege bot, keep the config file out of source control, set an API token for mutating endpoints, and rotate tokens if exposed.
If the service is exposed without protection, others could potentially create board changes or trigger alerts.
The runtime API includes an endpoint that can trigger an outgoing Telegram notification; this is expected for an alerting stack but should remain controlled.
Trigger Telegram alert: `curl -X POST http://localhost:4000/api/notify-telegram`
Keep the service bound to trusted networks, enable `AGENT_HQ_API_TOKEN`, and avoid exposing the API publicly without authentication.
Notifications or heartbeats may continue running until the cron job is disabled.
The skill describes scheduled background notification jobs, which are disclosed and purpose-aligned but create ongoing automation after setup.
Configure cron jobs (Heartbeats + Telegram): ... Telegram notifier cron (see `run-telegram-notifier.sh`).
Install cron jobs only if needed, run them under an unprivileged account, and document how to disable or remove them.