by 安全扫描
OpenClaw
可疑
high confidenceNULL
评估建议
This skill will instruct an agent to create VMs, generate/import private keys, and distribute AI-provider API keys to newly spawned agents — and it includes commands to automatically accept terms and bypass interactive safeguards. That combination can lead to secret proliferation, runaway costs, and creation of autonomous agents you can't easily control. Before installing: (1) do not provide your main AI-provider API keys or long-lived account keys; use limited-scope, revocable test keys with st...详细分析 ▾
ℹ 用途与能力
The skill name and description match the runtime instructions: it guides an agent to provision Aleph Cloud VMs, install an agent runtime, and replicate itself. That functionality legitimately requires an Aleph account, SSH keys, and an AI provider API key. However, the skill metadata lists no required credentials or config paths while the instructions clearly rely on several secrets and system files (Aleph private key, SSH keypair, AI provider API key). The omission of those required secrets from the declared metadata is an incoherence worth noting.
⚠ 指令范围
SKILL.md tells the agent to create/import Aleph private keys, generate SSH keys, pip-install aleph-client (with --break-system-packages), auto-accept CRN terms, bypass interactive prompts (via flags and pexpect), and explicitly 'share' AI provider API keys with spawned agents. These steps require reading/writing sensitive files and transmitting credentials to newly created VMs and agents — actions that go beyond simple orchestration and enable credential proliferation and potential exfiltration. The instructions also advise bypassing human confirmations (e.g., --crn-auto-tac, --crn-hash, pexpect automation), reducing human control over costly or risky operations.
ℹ 安装机制
There is no install spec in the registry (instruction-only), which lowers static install risk. However, the runtime instructions tell users/agents to pip install aleph-client (including recommending --break-system-packages), which can modify system packages. While this is not an installer baked into the skill, it is a runtime instruction that can alter the system and should be treated as a potential risk.
⚠ 凭证需求
The skill metadata declares no required environment variables or primary credential, but the instructions explicitly require and manipulate sensitive credentials: Aleph private keys, an SSH keypair stored under ~/.ssh, and AI provider API keys (Anthropic/OpenAI/etc.) to be shared with spawned agents. Requesting or instructing the distribution of unrelated provider API keys (to newly spawned, autonomous agents) is disproportionate and increases risk. The mismatch between declared and actual secret usage is a significant red flag.
⚠ 持久化与权限
The skill is not marked always:true (normal), but its stated goal — enabling autonomous agents to self-replicate across a decentralized network and to transfer credentials to children — effectively expands privilege and persistence outside the host agent's control. The instructions encourage automatic acceptance of T&Cs and bypassing interactive safeguards, which increases the chance of uncontrolled, persistent deployments and recurring costs. Even though the skill itself doesn't request permanent registry privileges, its intended runtime behavior leads to persistent, hard-to-revoke agent instances.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/2/27
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install aleph-vm-replication
镜像加速npx clawhub@latest install aleph-vm-replication --registry https://cn.longxiaskill.com