← Back to Skills Marketplace

Workspace Anchor

Name: Workspace Anchor
Author: zenchantlive

by zenchantlive · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1670

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install workspace-anchor

Description

Manages multi-agent projects by discovering, listing, switching, and validating workspace anchors using environment paths to prevent context drift.

Usage Guidance

This skill mostly does what its README says (find and manage .project-lock project files), but there are several red flags you should address before installing or running it on sensitive systems: - Interoperability bugs: create.js writes JSON lock files while discover/validate expect a plain-text NAME:/ROOT: format — the tool may not work as intended and could overwrite or create unusable lock files. - Broken shell command: validate.getCurrentProject contains a malformed execSync('bash -c ...') string; it will likely fail and may produce unexpected shell behavior. - Shell execution risks: the code runs find, cat, grep, sed and other shell commands with interpolated paths. If any path or env value is attacker-controlled or contains quoting characters, this could lead to command injection or accidental reading of unrelated files. Prefer replacing shell calls with native Node FS traversal or robustly sanitize/escape inputs. - File-write behavior: createLockFile will write .project-lock to arbitrary provided directories and may overwrite existing files without prompting. Recommendations: - Do not run this skill as a privileged user; test it in a disposable environment first. - Review and fix the create/discover format mismatch (choose either the textual protocol or JSON and make all components consistent). - Fix the malformed shell quoting in validate.getCurrentProject and remove unsafe shell pipelines; use native fs operations where possible. - Add explicit input sanitization/escaping for any path used in execSync, or avoid execSync entirely for path searches. - If you need the functionality but cannot audit/fix the code, avoid installing in environments with sensitive data. If the owner can provide an updated release that removes shell pipelines (or properly sanitizes inputs) and fixes the format/logic bugs, that would raise confidence in the skill.

Capability Analysis

Type: OpenClaw Skill Name: workspace-anchor Version: 1.0.0 The skill is classified as suspicious due to significant prompt injection risks in its agent instructions and the use of shell command execution. Both SKILL.md and README.md explicitly instruct the AI agent to use `exec`, `find`, or `ls` to locate files, granting broad shell execution capabilities. While the stated purpose is benign (finding `.project-lock` files), this instruction creates a vulnerability where a malicious follow-up prompt could leverage this granted capability for unauthorized actions. Additionally, the Node.js code in `lib/discover.js` and `lib/validate.js` uses `child_process.execSync` for system commands like `find` and `cat/grep/sed`, and to interact with an external `project-enforcer.sh` script, which, while quoted, represents powerful execution capabilities.

Capability Assessment

ℹ Purpose & Capability

Name/README and most code (discover, list, switch, validate, create) align with a workspace/project-lock manager. However there are clear inconsistencies: README/SKILL.md and discover/validate expect a plain-text '.project-lock' format with 'NAME:'/'ROOT:' lines, but create.js writes JSON. cli.js.runCommand is implemented in a way that recursively calls itself (likely a bug). These mismatches mean the components won't interoperate as expected.

⚠ Instruction Scope

SKILL.md explicitly tells agents to 'use exec' to find .project-lock files and 'identify absolute paths' — and the code uses execSync()/find/cat/grep/sed to scan the filesystem and read lock files. That behavior is within the stated goal (discovering lock files) but grants broad filesystem access and executes shell commands with interpolated paths. There are also fragile/malformed shell invocations (see validate.getCurrentProject) that may fail or behave unpredictably. The agent instructions are prescriptive and give the agent wide discretion to search arbitrary paths, which increases risk.

ℹ Install Mechanism

No install spec (instruction-only at registry level) — low install risk. But the package includes executable code files that will run when invoked; since nothing is installed by a package manager the code will be executed directly from the skill directory. This is not a contradiction but users should note code execution occurs despite 'no install'.

ℹ Credentials

The skill declares no required env vars, which is reasonable, but the code reads process.env (HOME, USERPROFILE) and allows expansion of arbitrary env variables (e.g., $CLAWD_ROOT). That's expected for path expansion, but because inputs from env/config end up inside shell commands (find, bash -c) there is a nontrivial risk if those environment values are malicious or untrusted. No external credentials are requested.

✓ Persistence & Privilege

The skill does not request 'always: true' and is user-invocable. It performs filesystem reads/writes (create can write .project-lock files) and executes child processes — appropriate for its purpose. Note: autonomous invocation plus filesystem access increases blast radius compared to purely read-only skills, but there is no special persistent privilege requested by the skill itself.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install workspace-anchor
After installation, invoke the skill by name or use /workspace-anchor
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of Workspace Anchor: a multi-agent workspace awareness and safety system. - Discovers, lists, switches, and validates project environments using `.project-lock` files. - Prevents agent drift by requiring environment-based naming for project anchors. - Provides CLI commands: `discover`, `list`, `create <path>`, `switch <name>`, and `validate <path>`. - Includes critical agent instruction to always locate correct absolute paths before use.

Metadata

Slug workspace-anchor

Version 1.0.0

License —

All-time Installs 2

Active Installs 2

Total Versions 1

Frequently Asked Questions

What is Workspace Anchor?

Manages multi-agent projects by discovering, listing, switching, and validating workspace anchors using environment paths to prevent context drift. It is an AI Agent Skill for Claude Code / OpenClaw, with 1670 downloads so far.

How do I install Workspace Anchor?

Run "/install workspace-anchor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Workspace Anchor free?

Yes, Workspace Anchor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Workspace Anchor support?

Workspace Anchor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Workspace Anchor?

It is built and maintained by zenchantlive (@zenchantlive); the current version is v1.0.0.

More Skills