Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Become Ceo
v1.5.0 · Your AI executive team on Discord. 7 specialists (engineering, finance, marketing, devops, legal, management, chief of staff) each with its own model and per...
by boluobobo@wanikua
MIT-0
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to create a multi-bot AI 'executive team' on Discord and the SKILL.md plus the provided config template consistently require a clawdbot binary, LLM API key(s), and multiple Discord bot tokens — these requirements align with the stated purpose. However, the registry metadata lists no required environment variables or config paths while SKILL.md metadata declares credentials (LLM_API_KEY, DISCORD_BOT_TOKEN) and config path (~/.clawdbot/clawdbot.json). This metadata mismatch is an inconsistency that should be clarified.
Instruction Scope
Instructions tell the operator to install an npm package globally, copy the template to ~/.clawdbot/clawdbot.json, fill in LLM and Discord tokens (multiple token placeholders exist), and start a user systemd service. Agents are expected to read workspace memory files and persistent config. There is explicit guidance to set Discord bots' groupPolicy to 'open' (which broadens what bots will see/say). These steps are coherent for deploying bots but instruct storing many sensitive tokens in a file under the home directory and running a persistent gateway service — both increase blast radius if the installed code or system is compromised. The SKILL.md also mentions a sandbox but notes it is off by default; if you do not enable sandboxing, agents will have normal network access and could exfiltrate data.
Install Mechanism
The install spec uses an npm package (clawdbot) that creates the 'clawdbot' binary. Installing an npm package globally is expected for this type of skill but is a moderate-risk install source compared to a vetted system package; you should inspect the npm package and its source repository (GitHub link provided) before running 'npm install -g'. No opaque download URLs or archive extraction are present in the manifest.
Credentials
The service legitimately needs an LLM API key and multiple Discord bot tokens to operate, which the templates show (LLM API, $DISCORD_BOT_TOKEN_MAIN, _ENGINEERING, _FINANCE, etc.). That many tokens and LLM credentials are sensitive but proportionate to a multi-bot Discord deployment. The concern is the manifest/registry metadata omission: required env vars and config paths are not declared there, so automated checks or permission prompts might not surface the true credential needs. Also the suggested placement of tokens inside ~/.clawdbot/clawdbot.json is persistent and should be protected (file permissions, secret manager, or gateway-handled auth).
Persistence & Privilege
The skill instructs starting a user-level systemd service (clawdbot-gateway), which creates a long-running process on the host that will hold credentials and handle bot traffic — this is expected for a bot gateway but increases persistence and blast radius. The skill is not marked always:true and does not request modifying other skills. Review the service unit and runtime privileges before enabling it.
What to consider before installing
This skill is coherent with its goal (running multiple AI-powered Discord bots) but there are important warnings you should heed before installing:
- Metadata mismatch: The package registry entry claims no required env vars or config paths, but SKILL.md and the config template clearly require LLM API credentials and many Discord bot tokens and reference ~/.clawdbot/clawdbot.json. Do not rely solely on the registry metadata — assume you will need to provide sensitive keys.
- Inspect the npm package: 'npm install -g clawdbot' will install code that will run with your user privileges and hold your tokens. Review the package source on the linked GitHub, and preferably inspect the installed code before running it as a service.
- Protect credentials: The template stores multiple tokens in ~/.clawdbot/clawdbot.json. Use strict file permissions, and consider using a secrets manager or letting the gateway handle auth in memory rather than writing tokens to disk.
- Run in a sandbox/least privilege: The skill mentions a sandbox but it is off by default. If possible, enable the containerized, network-isolated sandbox to reduce risk of data exfiltration by agents. If you must run without sandboxing, isolate the server and use dedicated bot accounts with minimal privileges.
- Verify Discord settings: The config requires 'groupPolicy': 'open' and enabling privileged intents — that grants bots broader access to messages and members. Use dedicated bot accounts and only enable intents required for functionality.
- Service review: Before starting 'systemctl --user start clawdbot-gateway', inspect the service unit (what user, what environment it will load) to ensure it won't inadvertently expose secrets.
If you want, I can: (1) list the exact placeholders and sensitive fields from the template for you to audit, (2) suggest a safer workflow for keeping tokens off disk (e.g., environment injection, secrets manager), or (3) help review the GitHub repo source if you provide its package contents or a link to the npm package contents.
Runtime requirements
🏛️ Clawdis
Bins: clawdbot
Install
Install Clawdbot
Bins: clawdbot
npm i -g clawdbot