openclaw-agency-agents Security Report — Low Risk | ClawSafe

15 /100

openclaw-agency-agents

管理和激活来自 agency-agents-zh 仓库的 176 个专业 AI 智能体人格

This is a legitimate agent persona management skill that clones a public GitHub repository and writes agent configuration files; no malicious behavior observed, though SKILL.md does not declare network access and setup.sh lacks version pinning.

Skill Nameopenclaw-agency-agents

Duration33.4s

Enginepi

✓

Safe to install

Add explicit network:READ and filesystem:WRITE declarations in SKILL.md. Pin the git clone to a specific commit hash or tag in setup.sh to prevent unexpected content changes from the upstream repository.

Findings 3 items

Severity	Finding	Location
Low	SKILL.md does not declare required network access Doc Mismatch The skill performs git clone and git pull operations to fetch the agency-agents-zh repository, but SKILL.md makes no mention of network access or external repository dependencies. `git clone https://github.com/jnMetaCode/agency-agents-zh` → Add a 'Required Permissions' or 'Resources' section to SKILL.md explicitly listing network:READ for the GitHub domain.	`SKILL.md:1`
Low	No version pinning on upstream repository Supply Chain setup.sh clones the latest main branch with no commit hash or tag pinning. An upstream commit could introduce malicious agent personas at any time. `git clone https://github.com/jnMetaCode/agency-agents-zh.git "$REPO_DIR"` → Pin to a specific commit SHA or tag, e.g., 'git clone https://github.com/jnMetaCode/agency-agents-zh.git --depth 1 --branch v1.0.0 "$REPO_DIR"'	`scripts/setup.sh:53`
Info	Script header name mismatch Doc Mismatch setup.sh header comments refer to 'openmaic-agents-lite' while SKILL.md describes 'openclaw-agency-agents'. Minor inconsistency. `# setup.sh - 初始化 openmaic-agents-lite skill` → Update script header to match the SKILL.md name 'openclaw-agency-agents'.	`scripts/setup.sh:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	setup.sh:53, activate.sh:93 writes files to $WORKSPACE_DIR
Network	`NONE`	`READ`	✓ Aligned	setup.sh:53 'git clone https://github.com/jnMetaCode/agency-agents-zh.git', upda…
Shell	`NONE`	`WRITE`	✓ Aligned	All scripts execute bash; activate.sh creates config files via heredoc and file …

File Tree

7 files · 17.3 KB · 576 lines

Shell 6f · 458L Markdown 1f · 118L

├─ ▾ 📁 scripts

│ ├─ 🔧 activate.sh Shell 153L · 4.5 KB

│ ├─ 🔧 list.sh Shell 77L · 2.4 KB

│ ├─ 🔧 restore.sh Shell 65L · 1.4 KB

│ ├─ 🔧 search.sh Shell 69L · 2.0 KB

│ ├─ 🔧 setup.sh Shell 59L · 2.2 KB

│ └─ 🔧 update.sh Shell 35L · 765 B

└─ 📝 SKILL.md Markdown 118L · 4.0 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`agency-agents-zh`	`latest (unpinned)`	https://github.com/jnMetaCode/agency-agents-zh.git	No	Clones latest main branch with no commit/tag pinning

Security Positives

✓ No credential harvesting or environment variable enumeration observed

✓ No base64, obfuscation, or anti-analysis patterns detected

✓ No network exfiltration or C2 communication patterns

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ No reverse shell, RCE, or arbitrary command injection

✓ All operations are scoped to a specific skill directory and workspace directory

✓ Backup mechanism provides config restore safety

✓ Uses set -euo pipefail for safe shell scripting

Scan Report

Findings 3 items

File Tree

Dependencies 1 items

Security Positives