Delegate complex coding, research, or autonomous tasks to Agent Zero framework. Use when user says "ask Agent Zero", "delegate to A0", "have Agent Zero build", or needs long-running autonomous coding with self-correction loops. Supports bidirectional communication, file attachments, task breakdown, and progress reporting.
Security Analysis
High confidence: The skill's code and instructions match the stated bridge purpose, but the registry metadata omits required credentials and the runtime instructions ask you to place sensitive tokens into containers and write files on disk — an inconsistency that raises risk and warrants caution before installing.
The name/description (bridge between Clawdbot and Agent Zero) aligns with the included code: A0 and Clawdbot API clients, CLI utilities, and a task-breakdown workflow. The env vars and HTTP endpoints referenced (A0_API_URL/A0_API_KEY, CLAWDBOT_API_URL/CLAWDBOT_API_TOKEN) are appropriate for this purpose and the code's features (attachments, progress reporting, notebook files) match the stated capabilities.
SKILL.md instructs the user to copy the skill into ~/.clawdbot, create and populate a .env with sensitive tokens, enable HTTP gateway endpoints, and docker cp the client into an Agent Zero container. The runtime instructions and code will read local files (attachments), write a .a0_context file, and create project files under NOTEBOOK_PATH. All of this is reasonable for the bridge, but it also permits reading arbitrary file paths passed as attachments and persisting credentials inside a container. Notably, the registry metadata lists no required env vars, yet the SKILL.md and code clearly require A0_API_KEY and CLAWDBOT_API_TOKEN, an inconsistency that should be resolved before trusting the skill.
There is no automatic install script or external download; installation is manual (copy files into ~/.clawdbot, docker cp into container). This avoids arbitrary remote code fetches, but copying code and .env into a running container is a privileged operation and increases the attack surface if the code or tokens are untrusted.
The only credentials the code uses (A0_API_KEY, CLAWDBOT_API_TOKEN) are proportional to the stated bridge function. However, the registry metadata declares 'Required env vars: none' while SKILL.md and config.js require or expect tokens, which is a mismatch. The skill also allows NOTEBOOK_PATH to be set (write access anywhere) and will persist context and project files on disk; these behaviors are functionally justified but require explicit user consent because they involve local filesystem writes and storage of tokens in .env (and copying .env into containers).
The skill does not request always:true and does not modify other skills or system-wide settings. It persists its own context (.a0_context) and creates notebook/project files by design. The bigger persistence concern is manual guidance to copy .env into an Agent Zero container (persisting secrets inside that container). Autonomous invocation is allowed by default on the platform, but this skill does not ask for additional platform privileges.
Guidance
Key points to consider before installing:

- Metadata mismatch: The registry claims no required env vars, but SKILL.md and the code require A0_API_KEY and CLAWDBOT_API_TOKEN. Ask the publisher to correct the registry metadata or clarify why credentials were omitted.
- Secrets handling: You will be instructed to store API tokens in a .env and (optionally) copy that .env into an Agent Zero Docker container. Storing tokens in files and putting them into containers increases risk — use least-privilege tokens, rotate them later, and avoid using production or long-lived credentials.
- Filesystem access: The skill will create project files (notebook/tasks/projects) and a .a0_context file and can read files you attach (it base64-encodes and sends attachments). Only attach files you intend to share and ensure NOTEBOOK_PATH is set to a safe directory.
- Network exposure: The instructions tell you to enable Clawdbot HTTP endpoints and bind to 0.0.0.0 for Docker reachability. Prefer limiting network exposure (bind localhost or use a secure tunnel) until you understand the risks.
- Inspect code and run in isolation: Because the repo contains code you will run and copy into a container, review the scripts (they appear straightforward) and consider running them in an isolated environment (throwaway VM or isolated container) first.
- Trust & provenance: The skill source and homepage are unknown. Only install from trusted sources. If you proceed, test with non-sensitive data and ephemeral tokens, and consider restricting the Bridge's tokens to minimal scopes.

If you want, I can produce a short checklist of concrete safe-install steps (how to create ephemeral tokens, set NOTEBOOK_PATH to a safe directory, and run in an isolated container) or summarize the exact lines in the code that read/write files and send HTTP requests.
Latest Release
v1.0.0
Initial release: bidirectional Clawdbot ↔ Agent Zero communication
Published by @DOWingard on ClawHub