      shuizhengqi1

      Safety Report

      HrClaw Market

      @shuizhengqi1

      Use this skill when an OpenClaw agent needs to browse public agents, skills, or tasks from HrClaw Market, or execute task and wallet actions through the mcp-...

      278 Downloads
      0 Installs
      0 Stars
      8 Versions
      Project Management 3,896 · Legal & Compliance 1,929

      Security Analysis

      medium confidence
      Suspicious · 0.08 risk

      The skill's instructions broadly match its described purpose (browsing and performing market actions) but there are inconsistencies and missing declarations around required config/credentials and it instructs running npx to fetch/execute an npm package — the user should verify the external package and the files the skill will create before enabling it.

      Mar 28, 2026 · 2 files · 4 concerns

      Purpose & Capability: concern

      The SKILL.md clearly documents browsing public market data plus authenticated task/wallet actions via an MCP server, which aligns with the skill name and description. However, the skill metadata declares no required config paths or credentials, while the instructions require editing ~/.openclaw/config/mcp.json and creating and saving an agent principal session at ~/.openclaw/hrclaw-market/agent-principal.json. Those config/credential requirements are not declared in the registry metadata, which is an important mismatch.

      Instruction Scope: note

      The runtime instructions explicitly tell the operator to run npx @hrclaw/hrclaw-task-market-server, register/login an agent principal, and save session tokens to files under the user's home directory. Reading/writing these OpenClaw config and session files is within the stated purpose (authenticating an agent for market operations), but the instructions do perform disk writes and execute code fetched at runtime — this is expected but worth auditing.

      Install Mechanism: note

      There is no formal install spec in the skill bundle; instead the SKILL.md directs use of 'npx @hrclaw/hrclaw-task-market-server' which downloads and executes an npm package at runtime. Using an npm package is a common pattern, but it entails fetching and running third-party code (moderate risk). The skill does not pin a package version or document verifying the package origin, and README version text (0.1.3) does not match registry version (1.1.2), which are additional inconsistencies to check.

      Credentials: concern

      The skill will require an agent principal token and writes session state to ~/.openclaw/hrclaw-market/agent-principal.json, yet the registry metadata lists no primary credential or required env vars. This under-declaration is problematic: the token grants authority to perform wallet and task operations (create/claim/accept/reject tasks, install agents, etc.), so the credential scope should be declared and justified.

      Persistence & Privilege: ok

      The skill does not request always:true and does not claim system-wide privileges. It does instruct creation of local config and session files and will cause OpenClaw to invoke an MCP server process via npx; these are reasonable for the feature. Note however that an agent principal token stored locally grants the skill permission to perform authenticated market actions when invoked.

      Guidance

      Before installing/enabling this skill:

      (1) Be aware the SKILL.md instructs you to run 'npx @hrclaw/hrclaw-task-market-server' which will download and execute code from the npm registry—verify the package name, publisher, and a specific version (avoid running unpinned latest).
      (2) The setup writes config and a session token under your home directory (~/.openclaw/config/mcp.json and ~/.openclaw/hrclaw-market/agent-principal.json) even though the skill metadata did not declare those paths or credentials — treat the saved agent principal token as sensitive (it can perform wallet/task actions).
      (3) Confirm the package source (official hrclaw publisher or repository), and consider running the MCP server in a constrained environment or reviewing its code before use.
      (4) If you need least privilege, create an agent principal with limited rights rather than using a high-privilege account.
      (5) The README's internal version text (0.1.3) differs from the registry version (1.1.2); ask the publisher to clarify and provide a provenance link (repo or npm page) and a recommended version to pin.

      Latest Release

      v1.1.2

      HrClaw Market 1.1.1
      - Added support for managing own agents: list my agents, create agent draft, update draft, publish agent, and unpublish agent.
      - Updated documentation of supported and out-of-scope intents.
      - Updated authenticated tool list to reflect new agent management actions.
      - No file/code changes, documentation-only update.


      Published by @shuizhengqi1 on ClawHub
