Security scan
OpenClaw
Suspicious
Medium confidence: The skill's code and instructions generally match a team‑materialization purpose, but there are inconsistent/overbroad behaviors (automatic config writes, potential auto-install/auto-binding, and permissive tool profiles) that warrant manual review before running.
Assessment recommendations
This skill appears to do what it claims (create agent config, role files, and a report), but it also contains behaviors you should review before running:
1) Inspect scripts locally: materialize_team.mjs and create_team.mjs will modify /root/.openclaw/openclaw.json and create /root/.openclaw/workspace-<team>. Confirm you want those changes and check the .bak file after a run.
2) Confirm binding behavior: the scripts will add a binding if --account-id is provided; do not pass an account/token unl...
ℹ Purpose and capabilities
Name/description (build multi-agent teams) aligns with the included scripts and many reference documents: the package materializes agents, creates role files, updates openclaw.json, and emits a report. However some requested behaviors are broader than necessary for the stated goal: materialize_team.mjs unconditionally sets each agent's tools to a 'full' profile and populates model primary+fallback lists, which is more permissive than the permission-profiles guidance in the references. The provisioning playbook also describes automatic installation of required/optional skills (skillhub/clawhub + scanners), yet no implementation for that install pipeline is present in the shipped scripts—so the spec and actual code diverge.
⚠ Instruction scope
SKILL.md explicitly requires confirmation for channel/bot credential binding and other irreversible external effects, but the playbook and scripts allow materialization and (if accountId is provided) will add bindings and write openclaw.json automatically. create_team.mjs -> materialize_team.mjs writes /root/.openclaw/openclaw.json and creates /root/.openclaw/workspace-<team>/shared/ without a user prompt. The provisioning-playbook also prescribes automatic skill installs without per-item confirmation. These are scope inconsistencies: the instructions both require confirmation and describe automatic changes, giving the agent capability to perform system-level config changes contingent on inputs (accountId) that the user may not expect.
ℹ Installation mechanism
There is no installer that downloads/extracts remote binaries — the skill is instruction+local scripts only, which lowers supply-chain risk. The scripts write files under /root/.openclaw, create workspaces, and atomically replace openclaw.json (they create a .bak). That means the runtime will persist changes to system config and disk. No network downloads are present in the code, but the SKILL.md references searching/installing skills from 'skillhub'/'clawhub' and running 'skill-vetter'—those behaviors are described but not implemented in the provided scripts, so actual install activity depends on what the agent is later told to run.
⚠ Credential requirements
Declared requirements list no env vars or credentials, but the playbook and SKILL.md expect the operator may provide channel tokens/accountId for auto-binding. The scripts accept an --account-id and will add bindings to openclaw.json if provided, enabling a path to bind bot accounts without an explicit interactive confirmation in code. Also, materialize_team.mjs sets each agent's tools to profile:'full' and injects model/fallback provider lists; that grants broader capabilities than 'least privilege' guidance in permission-profiles and may be disproportionate to a role-generation task. The skill also describes automatic installation of other skills (which would require network/credential access) — such actions would require additional secrets but none are declared.
ℹ Persistence and permissions
The skill does not set always: true and does not request special platform privileges via metadata, but the code modifies system config (/root/.openclaw/openclaw.json), creates workspaces under /root, and writes numerous role files, including making a backup copy of openclaw.json. That is expected for a materialization tool, but it is powerful: running create_team.mjs will perform persistent changes to the host environment. The code uses child_process.spawnSync to orchestrate sub-scripts, which is normal for this kind of tool but increases the surface of what a skill can do when executed.
⚠ scripts/create_team.mjs:21
Shell command execution detected (child_process).
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install multi-agent-builder
Mirror (accelerated): npx clawhub@latest install multi-agent-builder --registry https://cn.longxiaskill.com