ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Create Agent

v0.1.0

Create and wire a new OpenClaw agent with a fixed workflow. Use when the user asks to create/add a new OpenClaw agent or says “我要创建一个新的 Agent”, automate mult...

0· 361·0 current·0 all-time
by@xiaowen-0725
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's stated purpose (create/wire an OpenClaw Feishu agent) matches the instructions and bundled script. However, the registry metadata declares no required binaries while SKILL.md and the script explicitly depend on the 'openclaw' CLI and Python 3 (to run scripts/upsert_openclaw_agent.py). The metadata omission is an inconsistency that should be corrected before install.
Instruction Scope
Runtime instructions are narrowly scoped to OpenClaw configuration tasks: checking and backing up ~/.openclaw/openclaw.json, running the OpenClaw CLI (agents add, gateway restart, logs), extracting a peer id from logs, and running the included Python script to upsert accounts, bindings, and dmScope. The steps are explicit and constrained to the stated Feishu use-case; they do not instruct reading or transmitting unrelated system secrets or contacting external endpoints beyond the local OpenClaw CLI.
Install Mechanism
There is no external install spec (instruction-only with a bundled script). No remote downloads or third-party packages are pulled during install. The script is included in the package, so no network fetch is required — low install risk.
Credentials
The skill does not declare or require platform environment variables, which is coherent. It does, however, accept sensitive credentials (app_secret, app_id) as inputs and will write them into ~/.openclaw/openclaw.json. Storing secrets in that file may be expected for OpenClaw but is sensitive — users should confirm they are comfortable putting credentials into that config and ensure file permissions are secure. Also note the metadata omission of the required 'openclaw' CLI and python3 binary.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It writes only to the OpenClaw config path (~/.openclaw/openclaw.json) and creates a timestamped backup; it does not modify other skills or system-wide settings beyond OpenClaw's own config and gateway restart, which is consistent with its purpose.
Assessment
This skill appears to do what it claims: create an OpenClaw Feishu agent and update your ~/.openclaw/openclaw.json. Before running it: 1) Confirm you have the OpenClaw CLI installed and on PATH and have python3 available — the SKILL.md expects these but the package metadata did not declare them. 2) Review the included scripts/upsert_openclaw_agent.py yourself (it is bundled and readable) and consider using the --dry-run flag first; the script will print a JSON summary. 3) Understand that if you provide app_secret/app_id those values will be written into ~/.openclaw/openclaw.json (a backup copy is created), so ensure that file is stored with appropriate permissions and that you trust this environment. 4) Follow the Step 0.5 gating for peer/group workflows to avoid accidental config changes. If you want higher assurance, run the script on a copy of your config or a test environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97103cv2sywdpnrsxm7wqyb8d8227mc
361downloads
0stars
1versions
Updated 7h ago
v0.1.0
MIT-0
@xiaowen-0725
latest
Download

OpenClaw Create Agent

Use this skill to create one new OpenClaw agent and finish routing/config updates in one pass.

This skill is Feishu-only. Do not use it for Telegram, Slack, Discord, or other channels.

Required Inputs

First align the user's target scenario, then collect fields. Ask only for missing required fields.

Scenario alignment question (must ask first):

  • Option A: create a new bot/app and map it to a new agent (routing_mode=account)
  • Option B: map an existing/new group to a new agent under one bot (routing_mode=peer)
FieldRequiredNotes
agent_idyeslowercase letters, digits, - only
workspaceyesuse absolute path for project workspace
modelnooptional model override for this agent
routing_modeyesaccount or peer
channelnofixed to feishu

For routing_mode=account (one bot per agent), collect:

  • account_id (required)
  • app_id, app_secret, bot_name (optional but recommended)

For routing_mode=peer (single bot, multi-group), collect:

  • peer_kind (group or direct, required)
  • peer_id (required)
  • account_id (optional, narrows matching if provided)
  • if this is a new group, collect peer_id only after guided gates in Step 0.5

Workflow

  1. Align scenario (new bot per agent or multi-group per agent).
  2. For multi-group scenarios, run guided gates in Step 0.5.
  3. Read current config and backup.
  4. Create agent runtime with OpenClaw CLI.
  5. Upsert config for channel account, binding, and dmScope.
  6. Restart gateway and verify.
  7. Return a concise change summary.

Step 0: Align Requirement

Ask this first:

你是要哪一种?
1) 新建一个机器人,对应一个新 Agent(account 路由)
2) 已有一个机器人,在新群里绑定一个新 Agent(peer 路由)

Map answer:

  • option 1 -> routing_mode=account
  • option 2 -> routing_mode=peer

If answer is ambiguous, stop and clarify before editing config.

Step 0.5: Multi-Group Guided Gates

Apply this step when the user is doing multi-group multi-agent routing.

  1. Guide the user to create a new group and add the bot into that group.
  2. Pause and wait for explicit confirmation: 已创建群.
  3. Only after receiving 已创建群, guide the user to send one message in that group to generate logs.
  4. Pause and wait for explicit confirmation: 已发送.
  5. Only after receiving 已发送, check OpenClaw logs and extract chat_id (format oc_xxxxx).

Suggested command:

openclaw logs --follow

Expected signal in logs:

Received message from peer: { kind: "group", id: "oc_xxxxxxxxxxxxxxxx" }

Step 1: Precheck and Backup

Run:

test -f ~/.openclaw/openclaw.json
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak.$(date +%Y%m%d%H%M%S)

If config file is missing, stop and ask user to initialize OpenClaw first.

Step 2: Create Agent Runtime

Run OpenClaw CLI first (required):

openclaw agents add <agent_id> --workspace <workspace> --non-interactive

If model is provided:

openclaw agents add <agent_id> --workspace <workspace> --model <model> --non-interactive

Step 3: Upsert openclaw.json

Use the bundled script:

python3 scripts/upsert_openclaw_agent.py \
  --config ~/.openclaw/openclaw.json \
  --agent-id <agent_id> \
  --routing-mode <account|peer> \
  [--account-id <account_id>] \
  [--app-id <app_id>] \
  [--app-secret <app_secret>] \
  [--bot-name <bot_name>] \
  [--peer-kind <group|direct>] \
  [--peer-id <peer_id>]

Run from this skill folder, or replace scripts/upsert_openclaw_agent.py with its absolute path.

Script behavior:

  • upsert channels.<channel>.accounts.<account_id> when account mode is used
  • upsert one binding for this agent
  • always enforce session.dmScope = per-account-channel-peer for multi-agent Feishu setup

Read references/routing-modes.md when routing choice is unclear.

Step 4: Restart and Verify

Run:

openclaw gateway restart
openclaw agents list --bindings

Validate:

  • target agent appears in list
  • binding points to expected channel/account or channel/peer

Step 5: Report Output

Return:

  • created/updated binding match
  • whether account entry was added/updated
  • whether dmScope changed
  • verification command results

Constraints

  • Preserve existing unrelated agents/accounts/bindings.
  • Reject route conflicts (same channel/account/peer route already used by another agent).
  • Avoid interactive prompts unless user explicitly asks for interactive mode.
  • Assume channel=feishu only.
  • In multi-group scenarios, do not continue past Step 0.5 until receiving 已创建群 and then 已发送.

Comments

Loading comments...