DualAgentDebate

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it reads and writes Open Brain memories and may send private thoughts/context to OpenAI or a local OpenClaw agent.

Before installing, confirm you are comfortable with this skill reading your Open Brain thoughts, sending relevant memory/context through OpenAI or OpenClaw, and saving the debate result back into Open Brain. Use least-privilege MCP credentials and avoid running it on highly sensitive memories unless you have reviewed the configured data path.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning (severity: Medium)
What this means

Private thoughts or memory content may be included in prompts or embeddings, and the generated result may become part of future Open Brain memory.

Why it was flagged

The skill intentionally reads persistent personal memory, uses it in model/embedding workflows, and writes the result back to persistent memory.

Skill content

Pull related prior thoughts from `public.thoughts` via MCP `execute_sql` ... Compute semantic similarity (OpenAI embeddings) between ChatGPT reply and thoughts ... Persist full outcome into `public.memories`
Recommendation

Use this only with Open Brain data you are comfortable sending through the selected model path, and consider reviewing or deleting the saved memory after sensitive debates.

ASI02: Tool Misuse and Exploitation (severity: Low)
What this means

If the configured MCP SQL tool has broad database privileges, the skill runs with that authority when reading thoughts and saving outcomes.

Why it was flagged

The script uses an MCP SQL execution tool to access Open Brain tables. This is aligned with the described workflow, but raw SQL-style tools are broader than a narrowly scoped read/write API.

Skill content

# Thin wrapper: the SQL text is forwarded unchanged to the configured MCP tool
# (mcp_call is the skill's transport helper, not shown in this excerpt)
def sql_query(sql_tool: str, query: str) -> dict:
    return mcp_call(sql_tool, {"query": query})
Recommendation

Point the skill at an MCP endpoint or token with least-privilege access limited to the intended Open Brain tables.

ASI03: Identity and Privilege Abuse (severity: Low)
What this means

Anyone with access to these tokens may be able to use the associated Open Brain or OpenAI permissions.

Why it was flagged

The skill supports bearer-token access to Open Brain MCP and optional OpenAI API access. These credentials are expected for the integration and no credential leakage is shown.

Skill content

export OPENBRAIN_MCP_TOKEN="..."
...
export OPENAI_API_KEY="..."
Recommendation

Use scoped tokens where possible, avoid sharing environment files, and rotate credentials if they may have been exposed.

ASI07: Insecure Inter-Agent Communication (severity: Low)
What this means

The nested agent path may use the user's existing OpenClaw agent configuration and permissions rather than a narrowly scoped debate-only model call.

Why it was flagged

When no OpenAI API key is set, the script sends the constructed prompt, including Open Brain context and thoughts, to the user's main OpenClaw agent.

Skill content

cmd = ["openclaw", "agent", "--json", "--agent", "main", "--thinking", "off", "--message", prompt]
Recommendation

If you use the fallback path, ensure your main OpenClaw agent configuration is appropriate for receiving private memory context, or set an explicit OpenAI API key/model path instead.