Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Squad Control
v1.4.0Integrate with Squad Control kanban for AI agent task orchestration. ⚠️ Security note: This skill handles GitHub tokens and API keys by design — it clones pr...
⭐ 0· 551·0 current·0 all-time
byWilson Gan@wgan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md clearly requires SC_API_URL and SC_API_KEY and explains GitHub token usage (cloning private repos, creating PRs). However the registry metadata lists no required environment variables or primary credential — that mismatch is an incoherence. The declared capabilities (repo cloning, PR creation, spawning sub-agents) do align with the skill name and description, so the functionality itself is plausible, but the missing/incorrect metadata is concerning.
Instruction Scope
Runtime instructions explicitly read/persist secrets (SC_API_KEY in ~/.openclaw/openclaw.json), call Squad Control APIs, use per-workspace githubToken values returned by the API, clone/push repos, and call local OpenClaw endpoints to spawn sessions. These actions are in-scope for a kanban/orchestration integration. Two issues to note: (1) SKILL.md references a wake-listener script (scripts/wake-listener.sh) that is not present in the file manifest — an inconsistency; (2) instructions encourage storing SC_API_KEY in persistent config and wiring cron jobs, which increases the attack surface if the key is account-scoped.
Install Mechanism
There is no network install/download spec; scripts and documentation are bundled with the skill (python/bash tests and parser). Instruction-only with bundled scripts is lower-risk than fetching arbitrary remote archives. No suspicious remote install URLs were used.
Credentials
The skill legitimately needs SC_API_URL and SC_API_KEY and may use a GITHUB_TOKEN for private repos. But an account-scoped SC_API_KEY can expose multiple workspaces' repo URLs and embedded githubToken values — granting broad repo-level write access. The SKILL.md also encourages persisting SC_API_KEY in ~/.openclaw/openclaw.json and optionally pointing to local gateway tokens, increasing persistence of secrets. The registry metadata's omission of required env vars amplifies the risk because an operator might not realize sensitive keys are needed.
Persistence & Privilege
always:false and normal agent invocation are appropriate. The real persistence concern is operational: the setup instructions require adding SC_API_KEY to OpenClaw config and scheduling cron jobs that run the skill periodically and can spawn sub-agents. This is expected for an orchestrator but increases blast radius if the API key is account-scoped or the Squad Control instance is untrusted.
What to consider before installing
What to check before installing:
- Confirm the registry metadata is updated: SKILL.md requires SC_API_URL and SC_API_KEY but the registry lists none — ask the publisher to fix this.
- Prefer a workspace-scoped SC_API_KEY instead of an account-scoped key unless you intentionally need multi-workspace polling. Account-scoped keys can expose per-workspace githubToken fields (write access to repos).
- Review the included scripts yourself (poll-tasks.sh, poll-parser.py, tests). They perform network calls and git operations — inspect and run tests in an isolated environment first.
- The setup instructs storing SC_API_KEY in ~/.openclaw/openclaw.json and creating cron jobs; understand that this persists a sensitive secret on disk. Consider protecting that file, using least-privilege keys, and rotating tokens regularly.
- The SKILL.md references a wake-listener script (scripts/wake-listener.sh) that is not in the bundle — ask the publisher for the missing file or an updated SKILL.md to avoid runtime surprises.
- If you will allow the skill to spawn local sub-agents or call the local gateway, audit and restrict SC_WAKE_LOCAL_GATEWAY_TOKEN / gateway.token usage and ensure your OpenClaw runtime is secured.
- If you do not fully trust the Squad Control instance, do not provide account-scoped keys or allow the skill to persist credentials. When in doubt, keep keys workspace-scoped and grant minimal GitHub PAT scopes.Like a lobster shell, security has layers — review code before you run it.
latestvk97c15nd360mywf0a9r345d94s830zax
License
MIT-0
Free to use, modify, and redistribute. No attribution required.