Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

React Orchestrator

v0.1.0

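A dual-system AI orchestrator based on the ReAct framework that automatically assesses task complexity, intelligently switches between fast-execution and deep-reasoning modes, and supports multi-tool collaboration.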

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and docs implement the stated dual-system ReAct orchestrator, tool registry, Code Mode and HITL features — which is coherent with the skill description. However the code references third‑party integrations (e.g., require('tavily-search') templates, calls to https://api.tavily.com) and environment variables (process.env.TAVILY_API_KEY) even though the skill metadata lists no required env vars or external dependencies. That mismatch should be clarified.
Instruction Scope
SKILL.md instructs registering and invoking tools, including examples that read/write files and call network APIs. The repository contains templates and runtime that will read arbitrary file paths, write files, spawn Node/PowerShell subprocesses, and make outbound HTTP requests. These behaviors go beyond simple 'reasoning' and require explicit user consent and configuration; the runtime instructions do not enumerate these risks or required safeguards.
Install Mechanism
There is no external download/install spec (instruction-only / local npm package). That lowers supply‑chain risk. However package.json only lists 'zod' while code expects other modules (e.g., 'tavily-search') in templates — users must install or provide those dependencies manually. The skill writes temporary files and spawns child processes, but those actions are implemented locally (no remote install URL).
Credentials
Registry metadata declares no required environment variables, yet code and examples reference process.env.TAVILY_API_KEY and other env usage (templates and examples). Child processes are started with env: {...process.env}, so any environment secrets available to the host would be visible to executed code. The skill therefore has the ability to access environment secrets even though none are declared — this is a proportionality and disclosure concern.
Persistence & Privilege
The skill is not marked always:true and doesn't request persistent system-wide privileges. It does create temporary files in the OS temp directory and spawns processes (node, powershell.exe). Those runtime privileges are significant but consistent with the Code Mode feature; ensure you run it where executing arbitrary code and PowerShell is acceptable.
What to consider before installing
This skill appears to implement the advertised ReAct orchestration and includes helpful features (HITL, Code Mode, tool registry). However:

- The package metadata lists no required env vars, but the code and examples reference TAVILY_API_KEY and call external APIs; treat these as optional integrations but be explicit about what you set. Do not expose sensitive env vars unless you trust the skill.
- The Code Mode will write temp files and spawn child processes (node and PowerShell). That means it can read/write filesystem paths and execute arbitrary code; run in an isolated environment (container/VM) if you are unsure.
- Built-in templates include file-read and file-write operations. Enable and configure HITL (requireApproval for file-write / execute-command) before letting the orchestrator act on your behalf.
- package.json is minimal (only zod). The code references modules (e.g., 'tavily-search') not declared as dependencies; inspect and install required third-party libs yourself from trusted sources.
- If you plan to use networked features or the A2A functionality later, audit any networking endpoints and consider firewalling the runtime or limiting outbound access.

If you want to proceed, run it in a sandbox, enable HITL approvals for dangerous operations, and avoid supplying real secrets (API keys, cloud credentials) until you have audited templates and tool implementations. If anything is unclear, ask the author to add explicit metadata listing required env vars, external endpoints, and a dependency list.
src/code-mode.js:227
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.
