agent-spawner
Facilitates the deployment of new OpenClaw agents through a conversational interface, leveraging Docker for seamless onboarding.
Install this skill
or
66/100
Security score
The agent-spawner skill was audited on Feb 28, 2026 and we found 12 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 111
Piping content to bash shell
SourceSKILL.md
| 111 | curl -fsSL https://openclaw.ai/install.sh | bash -s -- --no-onboard |
medium line 111
Curl to non-GitHub URL
SourceSKILL.md
| 111 | curl -fsSL https://openclaw.ai/install.sh | bash -s -- --no-onboard |
low line 13
Access to hidden dotfiles in home directory
SourceSKILL.md
| 13 | cat ~/.openclaw/openclaw.json |
low line 14
Access to hidden dotfiles in home directory
SourceSKILL.md
| 14 | cat ~/.openclaw/.env 2>/dev/null |
low line 16
Access to hidden dotfiles in home directory
SourceSKILL.md
| 16 | ls ~/.openclaw/extensions/ |
low line 75
Access to hidden dotfiles in home directory
SourceSKILL.md
| 75 | export OPENCLAW_CONFIG_DIR=~/.openclaw-<agent-name> |
low line 76
Access to hidden dotfiles in home directory
SourceSKILL.md
| 76 | export OPENCLAW_WORKSPACE_DIR=~/.openclaw-<agent-name>/workspace |
low line 149
Access to hidden dotfiles in home directory
SourceSKILL.md
| 149 | cp -r <source-workspace>/skills/ ~/.openclaw/workspace/skills/ |
medium line 177
Access to hidden dotfiles in home directory
SourceSKILL.md
| 177 | - Plugins and skills persist in `~/.openclaw/` volume (extensions/ and workspace/skills/). |
low line 14
Access to .env file
SourceSKILL.md
| 14 | cat ~/.openclaw/.env 2>/dev/null |
low line 111
External URL reference
SourceSKILL.md
| 111 | curl -fsSL https://openclaw.ai/install.sh | bash -s -- --no-onboard |
low line 166
External URL reference
SourceSKILL.md
| 166 | - **URL:** `http://<host>:<port>/` |
Scanned on Feb 28, 2026
View Security Dashboard