ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Quick Team

v2.0.0

Quick Team enables rapid creation of new team members by confirming name and role, setting up workspace, updating config, restarting services, and validating...

0· 50·0 current·0 all-time
byWenlong Zhao@zhao-zwl
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and runtime instructions are consistent: the skill guides creating workspace directories, writing a SOUL.md, updating openclaw.json, restarting the gateway, and spawning the new agent to verify — all appropriate for 'Quick Team' functionality.
!
Instruction Scope
Instructions explicitly modify openclaw.json (appending agent entries) and require setting agents.defaults.subagents.allowAgents to include ["*"], then restart the gateway and spawn sessions. These are broad, system-level actions (config mutation + service restart + autonomous agent spawn) rather than limited resource updates; they grant the created agents wide capability and could be abused if not tightly controlled. The template also references an undefined {mainID} placeholder which could cause incorrect paths if not validated.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer step. Lower risk from an install perspective.
!
Credentials
No environment variables or external credentials are requested, which is appropriate, but the skill writes to a platform config file (~/.qclaw/openclaw.json) and enables a wildcard allowAgents setting. Modifying central config without requiring explicit operator approval is disproportionate for an automation helper because it effectively delegates broad authority to newly created agents.
!
Persistence & Privilege
Although always:false and there is no self-install, the procedure persistently alters platform configuration and restarts the gateway to make changes live. Combined with allowAgents:["*"], this materially increases the privileges of created sub-agents and the platform's attack surface.
What to consider before installing
What to consider before installing: - Backup your openclaw.json and test in a staging environment first. The skill instructs direct edits to openclaw.json and a gateway restart; a mistaken edit or restart could disrupt other agents. - Avoid enabling allowAgents:["*"] in production. Instead, prefer adding explicit agent IDs or a scoped allowlist. The wildcard grants broad ability to spawn/act as sub-agents. - Require manual operator approval for config changes and the gateway restart (do not let the agent perform these autonomously unless you fully trust it). - Validate and sanitize the {mainID} and {名称} inputs before directory creation to avoid path injection or collision. Ensure ~ expansion behaves as expected on your system. - Review generated SOUL.md content to prevent accidental leakage of secrets or privileged instructions to newly created agents. - If you proceed, add auditing/logging for sessions_spawn and new-agent activity so you can trace what newly created agents do. Given these concerns — particularly the wildcard allowAgents change and service restart — treat this skill as a tool that requires operator oversight; do not run it unreviewed in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97522f8sdc0qxvv286n0dqmk985d8wq
50downloads
0stars
3versions
Updated 4h ago
v2.0.0
MIT-0
Wenlong Zhao@zhao-zwl
latest
Download

Agent 创建技能(通用版)

用途: 快速创建新的团队成员(子代理)。

触发: 用户说"创建新成员"、"添加agent"、"新建角色"、"组建团队"等。

核心原则

主控不做执行。 创建新agent是执行工作,应派给子代理完成。主控只负责确认名称和职责,然后派任务。

创建流程(5步)

第1步:确认名称和职责

确认两件事:

  • 英文名称(小写字母+数字,不能用"main")
  • 一句话职责

第2步:创建workspace和SOUL.md

派子代理执行两件事:

创建目录结构:

mkdir -p ~/.qclaw/workspace-{mainID}/{名称}
mkdir -p ~/.qclaw/agents/{名称}/agent

创建SOUL.md:

---
name: {名称}
description: "{一句话职责}"
---

# SOUL.md

## 我是谁

{角色定位}

## 我的职责

1. {职责1}
2. {职责2}

## 禁止事项

- {禁止1}
- {禁止2}

第3步:更新openclaw配置

派子代理在 openclaw.jsonagents.list 中追加:

{
  "id": "{名称}",
  "name": "{显示名}",
  "workspace": "~/.qclaw/workspace-{mainID}/{名称}",
  "agentDir": "~/.qclaw/agents/{名称}/agent"
}

同时确保 agents.defaults.subagents.allowAgents 包含 ["*"]

第4步:重启Gateway

openclaw gateway restart

必须重启,配置才生效。

第5步:验证激活

派第一个任务测试正常工作:

sessions_spawn({
  agentId: "{名称}",
  mode: "run",
  task: "读SOUL.md,回复你的名称和职责。"
})

常见错误

错误原因解决
创建后无响应workspace目录不存在确认第2步目录已创建
sessions_spawn失败allowAgents未配置检查openclaw.json
cron不执行gateway未重启执行 openclaw gateway restart

验证清单

  • workspace目录已创建
  • SOUL.md已写入
  • openclaw.json已更新
  • Gateway已重启
  • sessions_spawn测试成功

Comments

Loading comments...