Skill v1.0.0
ClawScan security
Antfarm Workflows · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 19, 2026, 9:12 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions describe a local Node-based workflow system that manages cron jobs, a SQLite DB, and files under ~/.openclaw, but the skill provides no code, no install, and does not declare the runtime or config paths it actually relies on — this mismatch is concerning and should be investigated before use.
- Guidance: This skill's instructions expect a local Node CLI at ~/.openclaw/workspace/antfarm and will create/manage cron jobs, a SQLite DB, and a dashboard — but the skill bundle includes no code and does not declare Node or those config paths. Before installing or invoking:
  1) ask the publisher for the source repository or release tarball so you can review the actual code;
  2) verify whether ~/.openclaw/workspace/antfarm exists and inspect its contents;
  3) ensure you trust any install/uninstall commands (they may delete DBs or create cron jobs);
  4) confirm who/what will run the dashboard and whether it will open network ports; and
  5) if you do not have or do not want automatic crontab/DB changes, do not run the install/uninstall or force-trigger commands.
  The current mismatch between metadata and runtime instructions is concerning and should be resolved before use.
Review Dimensions
- Purpose & Capability (concern): The skill claims to orchestrate multi-agent workflows via a local CLI at ~/.openclaw/workspace/antfarm/dist/cli/cli.js (invoked with node). Yet the registry metadata lists no required binaries or config paths and the package includes no code or install step. Requiring a Node runtime and an on-disk workspace is expected for this functionality, but those prerequisites are not declared.
- Instruction Scope (concern): SKILL.md instructs the agent to run commands that manage cron jobs, read/write a shared SQLite DB and operate on files in the user's home (~/.openclaw). It also references a separate 'cron' tool and starting a dashboard (opening a port). Those actions touch system state outside a narrow, read-only query scope and are not declared in the skill metadata.
- Install Mechanism (note): There is no install spec (instruction-only), which is low risk by itself. However, the instructions assume pre-existing on-disk code under ~/.openclaw/workspace/antfarm; because no code or install step is provided, the skill either expects external setup or will instruct the agent to run commands that don’t exist locally — an incoherence worth clarifying.
- Credentials (concern): The skill declares no environment variables or credentials, but runtime behavior requires access to the user's home directory, crontab, and a local SQLite DB. Those are sensitive resources; the absence of declared config paths or required binaries (e.g., node) is disproportionate to the metadata and could lead to unexpected file/cron/database modifications.
- Persistence & Privilege (ok): always:false and normal model invocation settings are appropriate. The skill does not request forced-permanent inclusion. The primary concern is not privilege flags but the fact that its instructions manipulate system crons and files if executed.
