Nanobot Overstory Bridge

Seamless bidirectional bridge between nanobot (Ollama Mistral orchestrator) and overstory (Claude Code agent swarm). Routes tasks through the OverClaw gatewa...

What to consider before installing: - This skill contains multiple scripts that read/write files in your home/workspace (MEMORY.md, ~/.nanobot/config.json, UI settings, session_bridge.db) and can discover and execute Python scripts from the skills directory. That means agents routed through this bridge could read local config files and run local code. - The registry metadata claims no required env vars, but the code expects several (OVERSTORY_BIN, NANOBOT_* paths). That mismatch is a red flag — verify and explicitly set safe paths before use. - If you keep secrets (API keys, tokens) in workspace files or ~/.nanobot/config.json or in MEMORY.md, consider them at risk. Avoid storing credentials in those files or run the bridge in an isolated environment. - Before installing: review the implementation of exec_skill / any code that launches subprocesses (not fully shown in the truncated file) to confirm whether scripts are executed safely (sandboxed, path-checked) or run arbitrary commands. - Mitigations: run this bridge inside a sandboxed VM or container, restrict NANOBOT_WORKSPACE and NANOBOT_SKILLS_DIR to a controlled directory with limited contents, do not expose credentials in the workspace, and restrict OVERSTORY_BIN to a trusted binary. Prefer installing only if you trust the overstory agents and the skill author (this package lists author 'ghost' and no homepage/source — lack of provenance increases risk). - Additional information that would change this assessment: a trustworthy source/homepage and clear provenance; a registry manifest that declares required env vars and permissions; or confirmation that exec_skill implements strict sandboxing/safety checks. If exec_skill is safe and the runtime is properly sandboxed, this would lower concern; if exec_skill runs arbitrary subprocesses with untrusted input, the risk would be higher.

Type: OpenClaw Skill Name: nanobot-overstory-bridge Version: 1.1.0 The skill provides powerful capabilities, including executing arbitrary Python scripts and external CLI commands (`overstory`) via `subprocess.run` in `scripts/gateway_tools.py` and `scripts/overstory_client.py`. This creates a significant Remote Code Execution (RCE) vulnerability if an AI agent can be prompted to invoke these functions with malicious arguments. Additionally, the ability for agents to write arbitrary content to `MEMORY.md` (via `scripts/memory_sync.py` and `scripts/gateway_tools.py`) presents a prompt injection vulnerability against other agents that consume this shared memory. While these are critical vulnerabilities, there is no clear evidence of intentional malicious behavior like data exfiltration to external servers or backdoor installation.