Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
agent- manager
v1.0.0Manage OpenClaw Agents by creating new agents, configuring workspaces, setting up Feishu bot integrations, and verifying multi-bot routing.
⭐ 0· 45·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match what the code and SKILL.md do: create agents, configure workspaces, generate Feishu authorization links, and write bindings. However the skill metadata claims no required binaries or env vars while the runtime expects python3, the 'openclaw' CLI, network access, and writes to ~/.openclaw/openclaw.json — the missing declared requirements is an inconsistency that reduces transparency.
Instruction Scope
SKILL.md instructs the agent to run local scripts (under ~/.openclaw/.../scripts/...), produce and send authorization URLs to users, poll Feishu, write client_id/app_secret into the user's ~/.openclaw/openclaw.json, remove .git directories in workspaces, and restart the OpenClaw gateway. Those actions go beyond simple read-only management: they modify local configuration, persist secrets, and control a system service (gateway restart). The instructions also require the agent to present clickable authorization links produced by the script — i.e., relay external URLs to users — which is expected for OAuth flows but should be explicit in metadata.
Install Mechanism
No install spec (instruction-only) so nothing is downloaded at install time; the code files are bundled with the skill. This is lower risk than arbitrary remote installs. Still, bundled scripts will be executed and perform filesystem/network operations at runtime.
Credentials
The skill declares no required environment variables or primary credential, yet the code obtains and persists Feishu credentials (app_secret) into ~/.openclaw/openclaw.json. It reads/writes user config in the home directory and stores transient device codes in /tmp. Requesting and storing secrets is proportionate to binding a bot, but the lack of declared credentials and explicit permission in the metadata is a transparency issue. Also removing .git directories is a filesystem-modifying action that may be unexpected.
Persistence & Privilege
always:false (good) but the skill can create new agents programmatically, write credentials to local config, and restart the OpenClaw gateway (openclaw gateway restart). Because model invocation is allowed, an agent could autonomously create agents or alter config if given permission during a session. That combination increases blast radius and could enable 'self-propagation' if the skill is invoked without strict human approval.
What to consider before installing
This skill appears to implement exactly what it claims, but proceed with caution. Before installing or enabling automatic use: 1) confirm you trust the skill's author (owner ID is unknown); 2) review the bundled scripts yourself (they are included) and ensure you are comfortable with them writing to ~/.openclaw/openclaw.json and removing .git directories; 3) be aware the skill will collect Feishu app credentials and persist them locally — back up openclaw.json before use; 4) ensure the 'openclaw' CLI and python3 exist and run the scripts manually once to verify behavior; 5) restrict autonomous invocation or require explicit human confirmation for creation/restart steps (especially gateway restarts); and 6) if you do not want the agent to create other agents or restart system services, do not enable the skill for autonomous actions and require manual steps for app secret handling and gateway restarts.Like a lobster shell, security has layers — review code before you run it.
latestvk973mqd6s6b51yme22ph30z0dd83s135
License
MIT-0
Free to use, modify, and redistribute. No attribution required.