v1.1.0

Ralph Loop (Agent Mode)

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:24 AM.

Analysis

This instruction-only skill is transparent about its purpose, but it asks agents to run background coding agents that can edit and commit project code, including optional permission-bypass flags.

GuidanceInstall only if you want OpenClaw to orchestrate coding agents for you. Use it in a dedicated project directory or sandbox, avoid permission-bypass flags, run on a separate git branch, review generated files and commits, and monitor or stop background sessions when needed.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

The agent calls `exec` tool with the coding agent command ... Uses `background: true` ... Uses `process` tool to monitor progress

The skill instructs the OpenClaw agent to launch and manage external coding-agent processes in the background, which is powerful and can affect the user's project environment.

User impactA coding agent could make broad project changes while running in the background if the user gives it a large or poorly scoped task.

RecommendationUse only in a specific project directory, set low iteration and timeout limits, monitor logs, and stop the process if it behaves unexpectedly.

Unexpected Code Execution

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Common flags:
- Codex: `--full-auto`, `--yolo`, `--model <model>`
- Claude: `--dangerously-skip-permissions`

The skill documents auto-approval and permission-bypass flags for coding CLIs, which can reduce human review and allow broader automatic command execution.

User impactIf these flags are used outside a sandbox, the coding agent may perform file changes or commands with fewer permission prompts.

RecommendationAvoid `--yolo` and `--dangerously-skip-permissions` unless you are in a disposable sandbox or fully trust the task and repository.

Cascading Failures

SeverityMediumConfidenceMediumStatusConcern

README.md

BUILDING: Implement features according to plan, run tests, commit code

The workflow is designed to modify a codebase and commit results, so a bad prompt, bad plan, or unsafe agent action can persist into the project history.

User impactMistakes could be committed into the repository and carried forward into later development work.

RecommendationRun on a separate branch, review diffs before merging, and require human review before pushing or deploying any generated commits.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

package.json

"requirements": { "tools": [ "git", "bash", "one of: opencode, codex, claude, goose, pi, aider" ], "permissions": [ "exec", "process", "file-read", "file-write" ] }

Package metadata discloses tools and permissions, but the registry requirements section says no required binaries and no capability tags were derived.

User impactA user may not see the full operational requirements from the registry summary alone.

RecommendationTreat this skill as requiring local command execution, process control, and file read/write access even though the registry requirement summary is empty.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

The loop persists context via `PROMPT.md` + `AGENTS.md` (loaded each iteration) and the plan/specs on disk.

The skill intentionally persists instructions and operational learnings across iterations, which is useful but means those files can influence later agent behavior.

User impactIncorrect or malicious instructions placed in these files could steer future loop iterations.

RecommendationReview PROMPT.md, AGENTS.md, specs, and IMPLEMENTATION_PLAN.md before starting or continuing a loop.