Security scan
OpenClaw
Suspicious
Medium confidence: The skill's stated purpose (create/uninstall OpenClaw agents) matches most instructions, but there are inconsistencies and risky instructions (hardcoded user path, direct edits of local config with secrets, and undeclared filesystem requirements) that warrant caution.
Assessment and recommendations
This skill roughly does what it says (create/uninstall OpenClaw agents) but has red flags you should consider before installing or running it: 1) It references and edits local configuration and workspaces and asks you to provide channel credentials — only proceed if you trust the skill and its operator. 2) It uses a hardcoded filesystem path (/Users/honor/.qclaw/openclaw.json) and an application path under /Applications; verify these paths are correct for your system and not targeting another us...
ℹ Purpose and capability
The skill's commands and flows (agents add/delete, binding channels, running doctor/health) align with creating and removing agents. However, it references a specific SKILL_DIR under /Applications and a hardcoded home path (/Users/honor/.qclaw/openclaw.json) that do not match a generic 'create/uninstall' skill and suggest assumptions about the host environment.
⚠ Instruction scope
Runtime instructions direct the agent to list agents/models and to read/write local configuration and workspaces. They explicitly instruct collecting channel credentials from users and writing them into config (via gateway config.patch) and, crucially, direct a Python script to delete keys by editing /Users/honor/.qclaw/openclaw.json. That accesses and modifies local config (potentially containing secrets) and uses a hardcoded user path; these actions expand scope beyond mere orchestration and require filesystem and secret handling privileges.
✓ Install mechanism
Instruction-only skill with no install steps or external downloads. No install-related risk detected.
⚠ Credential requirements
The skill declares no required env vars or config paths, yet its instructions assume access to specific local files/paths and the ability to create/delete workspaces and edit openclaw.json (which may contain channel secrets like appSecret). The skill also tells the agent to 'collect corresponding credentials' — acceptable for channel setup but not declared or scoped, and the hardcoded /Users/honor path is disproportionate and suspicious.
ℹ Persistence and privileges
Skill is not always:true and doesn't request persistent privileges across agents. However, it instructs modifying system/service configuration (openclaw.json) and deleting agent workspaces, which is normal for agent management but high-impact. Combined with undeclared file access, this increases risk if the skill runs autonomously.
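Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.4 2026/3/16
Fix: channel binding is now optional; enabling Feishu for the first time requires doctor --fix; account deletion is now done directly with Python
● Suspicious
Install command
Official: npx clawhub@latest install agentcreate
Mirror (accelerated): npx clawhub@latest install agentcreate --registry https://cn.clawhub-mirror.com
Skill documentation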
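Create or uninstall standalone OpenClaw Agents. Each Agent has its own workspace, its own sessions and its own model, and is fully isolated from the main Agent.
Technical implementation details:
- Creation flow → see references/create.md
- Uninstall flow → see references/delete.md
All CLI operations must be run through the wrapper script of the qclaw-openclaw skill; calling the openclaw command directly is forbidden.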
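Create an Agent
Collect the information (prompt in order, asking only for what is needed at each step):
- Agent ID (English; lowercase letters, digits and hyphens; unique)
- Channel binding (optional): first run config get channels to list the existing channels and accounts to choose from; if a new account is being created, collect the corresponding credentials; binding can also be skipped
- Model: run models list to fetch the live list for the user to choose from; the default is qclaw/modelroute
- Confirmation: show a summary table and execute only after the user confirms
Checks before execution:
- The Agent ID is not already taken (agents list)
- If a channel is being bound, the account already exists or has just been created
See references/create.md for the detailed commands.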
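Uninstall an Agent
- List all agents (agents list + agents bindings)
- The user selects the target agent (selecting main is forbidden)
- Show the agent's information; the user chooses an uninstall mode:
- A full uninstall requires the user to type yes as a second confirmation (irreversible)
See references/delete.md for the detailed commands.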
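Core constraints
- Deleting the main agent is forbidden
- A full uninstall must also delete the channel account configuration; otherwise messages may fall back to the main agent
- Account configuration must be deleted by operating on openclaw.json directly with Python (gateway config.patch can only merge-write and cannot delete a key)
- Additions and changes to configuration are written through gateway config.patch; editing the configuration file directly is forbidden
- Back up the current value before changing configuration, and roll back immediately on failure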
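The backup, delete and rollback rule from the core constraints, as an added Python example (not the skill's own script and not taken from references/delete.md). The function name delete_config_key, the .bak suffix and the channels/feishu/accounts layout of the sample are assumptions; the config path is passed in by the caller rather than hardcoded.

```python
import json
import os
import shutil
import tempfile
from pathlib import Path


def delete_config_key(config_path, key_path):
    """Delete the nested key named by key_path (list of keys) from a JSON file.

    Backs the file up first, writes the result atomically, restores the backup
    on any failure, and returns the backup path.
    """
    if not key_path:
        raise ValueError("key_path must name at least one key")
    config_path = Path(config_path)
    backup = config_path.with_name(config_path.name + ".bak")
    shutil.copy2(config_path, backup)  # backup keeps the original mode bits
    try:
        data = json.loads(config_path.read_text(encoding="utf-8"))
        node = data
        for key in key_path[:-1]:
            node = node[key]  # KeyError if the path does not exist
        del node[key_path[-1]]
        # Write beside the target, then rename: readers never see a half file.
        fd, tmp = tempfile.mkstemp(dir=config_path.parent, suffix=".tmp")
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as fh:
                json.dump(data, fh, indent=2, ensure_ascii=False)
                fh.flush()
                os.fsync(fh.fileno())
            os.chmod(tmp, config_path.stat().st_mode & 0o777)
            os.replace(tmp, config_path)
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise
    except Exception:
        shutil.copy2(backup, config_path)  # roll back to the pre-change file
        raise
    return backup


if __name__ == "__main__":
    # Constructed sample config; the channels/accounts layout is an assumption.
    cfg = Path(tempfile.mkdtemp()) / "openclaw.json"
    cfg.write_text(json.dumps({"channels": {"feishu": {"accounts": {
        "bot-a": {"appSecret": "EXAMPLE"}, "bot-b": {"appSecret": "EXAMPLE"}}}}}))
    delete_config_key(cfg, ["channels", "feishu", "accounts", "bot-a"])
    print(cfg.read_text())
```

The backup file holds the same secrets as the config, so it needs the same permissions and should be removed once the change is verified.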
Data source: ClawHub · Chinese optimization: 龙虾技能库