Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
React Orchestrator
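v0.1.0
A dual-system AI agent orchestrator based on the ReAct framework that automatically assesses task complexity and switches intelligently between fast execution and deep reasoning, enabling efficient layered reasoning.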
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The implementation (orchestrator, LLM integration, HITL, Code Mode, tool registry) matches the described ReAct orchestrator purpose. However the code references capabilities and external services not declared in the registry metadata: templates and examples reference TAVILY_API_KEY, tavily-search and rag-retriever integrations, and the CodeMode expects node/powershell execution support. The skill metadata declares no required environment variables or binaries despite clearly depending on them, which is an incoherence (likely sloppy packaging).
Instruction Scope
SKILL.md and other docs instruct the agent/user to register tools that may perform network calls and file I/O. The code includes templates that read/write arbitrary filesystem paths and spawn child processes to execute generated code (Node and PowerShell). SKILL.md does not declare that the orchestrator will execute generated code or require access to environment secrets like TAVILY_API_KEY, but the runtime templates and usage examples do. The agent instructions therefore have broader scope than the declared metadata and permit operations (arbitrary code execution, file writes, PowerShell ExecutionPolicy bypass, outbound network calls) that the registry did not surface.
Install Mechanism
There is no install spec in the registry (instruction-only), and the repository is a normal Node project (package.json). No remote download/install URLs or extract steps are present in registry metadata. That said, the package references external packages (e.g., 'tavily-search', 'rag-retriever') in examples and templates that are not listed in package.json, so installing via npm install may not provide all referenced code. The installation mechanism itself is low-risk, but missing dependency declarations are an operational coherence issue.
Credentials
The registry claims no required env vars, yet code templates and examples expect process.env.TAVILY_API_KEY and use Authorization headers for external APIs. CodeMode templates also call external endpoints (https://api.tavily.com) and spawn processes with full process.env forwarded. The skill therefore requires secrets / env access not declared in metadata. In addition, CodeMode uses filesystem access and spawns child processes (node, powershell.exe) which are powerful privileges relative to a library that could have been designed as purely in-process orchestration.
Persistence & Privilege
The skill does not request always:true and does not declare system-wide configuration changes. However it provides a Code Mode that writes temporary files and executes them (Node/Powershell), and a HITL flow that may require integrating UI/webhooks. Autonomous invocation is allowed by default (disable-model-invocation=false). Combined with the ability to execute arbitrary code and call external services, autonomous invocation increases blast radius — this is not flagged alone by policy but should inform user caution and configuration choices (e.g., enable HITL, restrict autoApprove).
What to consider before installing
High-level things to check before installing or running:
- Missing declarations: the package metadata lists no required env vars or binaries, but the code and examples use process.env.TAVILY_API_KEY and expect 'tavily-search'/'rag-retriever' style modules. Confirm what environment variables and extra packages you must provide.
- Code execution risk: CodeMode writes temporary files and spawns child processes (node and PowerShell with ExecutionPolicy Bypass). If you run this on a host with sensitive files or with network access, generated code could read/write files or execute commands. Prefer running in an isolated container/VM and review/disable CodeMode if you don't trust generated code.
- File I/O and tools: Built-in templates include file-read and file-write that perform arbitrary path access. Review which tools are registered by default and enable HITL for write/execute tools (HITLManager default requireApproval includes file-write/execute-command in the code; keep those enabled).
- External endpoints and secrets: The tavily-search template uses an API key and calls api.tavily.com. If you supply such keys, verify the endpoint is expected and trustworthy. Avoid putting cloud credentials or high-privilege secrets into the environment unless necessary.
- Dependencies: package.json only lists 'zod'. Examples/templates reference other packages and clients not in dependencies. Before npm install/run, inspect code for undeclared requires and add/lock dependencies from trusted registries.
- Platform assumptions: PowerShell templates and invocation of 'powershell.exe' are Windows-specific; the code expects Node >=18. If running on non-Windows, PowerShell paths and behavior differ.
If you want to proceed safely:
- Run the skill inside an isolated container with no sensitive mounts and minimal network access.
- Enable HITL for anything that writes files or executes commands; set autoApprove to an empty list.
- Audit all tool templates and remove or replace any that call external services or perform filesystem access you don't want.
- Add explicit required env var declarations (TAVILY_API_KEY etc.) to your deployment manifest so you know what secrets will be exposed.
Given the mismatches between declared metadata and actual code behavior, treat this package as potentially dangerous until you review and constrain its runtime capabilities.
src/code-mode.js:227
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
