add-openclaw-agent

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated purpose, but it intentionally creates persistent OpenClaw agent state and edits future operating rules, so users should review the command and resulting files.

Before installing, be comfortable with a skill that can run `openclaw agents add` after confirmation and edit your OpenClaw workspace. Review the exact agent name, workspace path, IDENTITY.md, and AGENTS.md contents, and use only a trusted local OpenClaw CLI.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If the user confirms, the agent can run an OpenClaw CLI command that creates or changes local OpenClaw agent configuration.

Why it was flagged

The skill instructs local command execution that changes OpenClaw agent state, but it is central to the purpose and explicitly confirmation-gated.

Skill content

Use the **exec** tool to run the OpenClaw CLI... Before running creation, explicitly ask for confirmation... Only execute the command after the user confirms.

Recommendation

Confirm the exact command, agent name, and workspace path before allowing execution.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The skill will rely on whatever local `openclaw` CLI is available in the user environment.

Why it was flagged

The metadata does not predeclare the OpenClaw CLI dependency even though SKILL.md instructs using it. Since no helper code or remote install is included, this is a metadata/provenance notice rather than a concern.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

Recommendation

Use this only with a trusted, expected OpenClaw CLI installation.

ASI06: Memory and Context Poisoning
Low
What this means

Future behavior of the new agent may be shaped by whatever is appended to AGENTS.md.

Why it was flagged

The skill writes persistent instructions that future agent sessions may rely on. This is expected for creating an agent, but users should ensure the stored rules are accurate and bounded.

Skill content

Edit the new workspace file: `~/.openclaw/workspace-<agent-id>/AGENTS.md` ... Put **task definition** and **operating rules** here

Recommendation

Review the appended AGENTS.md rules and keep scope, safety boundaries, and allowed tools explicit.

ASI10: Rogue Agents
Low
What this means

A new agent and workspace may remain available in OpenClaw until the user removes or changes it.

Why it was flagged

The skill intentionally creates a new persistent OpenClaw agent. The behavior is disclosed and user-confirmed, but it persists beyond the initial interaction.

Skill content

Create a new isolated OpenClaw agent ... `openclaw agents add <agent-name> --workspace ~/.openclaw/workspace-<agent-id> --non-interactive --json`

Recommendation

Create only agents you intend to keep, verify the workspace, and avoid optional routing or binding flags unless you understand the effect.