DualAgentSolver
Security checks across malware telemetry and agentic risk
Overview
The skill’s behavior matches its description, but it intentionally uses agent/model calls, optional OpenAI access, SQL-backed Open Brain memory, and persistent storage that users should understand before use.
Install/use this only if you are comfortable with the workflow saving its query, intermediate outputs, and final answer into Open Brain memory. If you want local-only behavior, unset OPENAI_API_KEY before running it, and verify the MCP URL points to the Open Brain instance you intend to modify.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad or poisoned documentation result could influence the plan the agents produce and later store.
Retrieved documentation is inserted directly into the solver prompt as context. This is purpose-aligned, but retrieved content can shape the agent’s answer if it contains misleading or instruction-like text.
ctx = mcp_call(docs_tool, {"graphql_query": gql}) ... f"Context:\n{context}\n\n"
Treat retrieved context as reference material, review the final answer before acting on it, and consider adding prompt guidance that retrieved content must not override the user’s goal.
Running the skill can modify the connected Open Brain database by creating or adding memory rows.
The script uses an MCP SQL tool to create a table and insert memory records. The SQL is bounded to the stated memory purpose, but it is still a database mutation through a raw SQL interface.
sql_tool = os.environ.get("OPENBRAIN_SQL_TOOL", "execute_sql") ... create table if not exists public.memories ... saved = mcp_call(sql_tool, {"query": ins})
Confirm OPENBRAIN_MCP_URL points to the intended Open Brain instance, and review or delete saved memory entries if the query was sensitive.
These credentials grant access to the configured services while the script runs.
The skill documents optional credentials for Open Brain MCP and OpenAI. Their use is expected for the integration, and the artifacts do not show hardcoding, logging, or unrelated use.
export OPENBRAIN_MCP_TOKEN="..." ... export OPENAI_API_KEY="..."
Use least-privilege tokens where possible, keep keys out of shared shells or logs, and unset OPENAI_API_KEY if you do not want the second agent to use OpenAI.
Sensitive problem details or flawed generated advice may remain in Open Brain memory after the run.
The saved memory includes the user query, round-by-round solver and critic outputs, and final solution. This is disclosed and purpose-aligned, but it persists generated content for possible future reuse.
outcome = {"query": args.query, "rounds": rounds, "final_solution": final_solution, ...} ... json.dumps(outcome, ensure_ascii=False)[:14000]
Avoid running confidential queries unless you are comfortable saving them, and periodically review or remove stored dual-agent-solver memory entries.
Solver output and possibly problem details may be sent outside the local OpenClaw/Open Brain environment to OpenAI.
When OPENAI_API_KEY is present, the critic turn is sent to OpenAI; otherwise it uses another OpenClaw agent. This external/provider handoff is disclosed and central to the two-agent design.
if not key: return openclaw_agent_turn(system_role, prompt) ... post_json("https://api.openai.com/v1/chat/completions", payload, headers=headers, timeout=90)
Unset OPENAI_API_KEY for local-only operation, and avoid using the OpenAI path for prompts containing data you cannot share with that provider.
