Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Automatic Research Loop

v1.0.0

Autonomous experiment loop for AI agents. Use when the user wants to run systematic experiments — optimizing hyperparameters, searching for better configurat...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The SKILL.md's behaviour (creating branches, committing changes, running a user-provided run command, extracting metrics, reverting commits) matches the described purpose of running iterative experiments. Minor inconsistency: the instructions expect git usage but the skill's declared requirements list no required binaries (git is not declared). The allowed tools (exec, sessions_spawn, read/write/edit) are powerful but expected for this purpose.
Instruction Scope
Instructions stay within experiment-running scope (setup, single-variable changes, run, extract metric, record results). However the agent is explicitly instructed to modify files and run arbitrary 'run_command' supplied by the user — this gives the agent broad ability to execute arbitrary shell commands and change repository contents. The use of destructive commands (e.g., 'git reset --hard HEAD~1') is part of the protocol and can result in data loss if misapplied or if user configuration is incorrect. The skill does not include explicit hard guards against the agent touching files outside user-specified 'Target Files' beyond the human-set constraints, so correct configuration by the human is critical.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is lowest-risk from an installation perspective (nothing is downloaded or installed).
Credentials
The skill declares no required environment variables or credentials, which is consistent with being local and git-based. However, practical use may rely on system git credentials (SSH keys, credential helpers) or network access for the run command; those are not declared. The absence of declared credentials is proportionate, but users should be aware the agent can implicitly use any existing local git/SSH credentials or network access when executing commands.
Persistence & Privilege
always:false and normal model invocation are set. The skill does not request persistent/enforced presence or modify other skills' configs. It acts on the repository in the current workspace only, which is appropriate for its function.
Assessment
This skill is coherent for running automated experiment loops, but it gives the agent real power to change code and run arbitrary commands. Before installing or using it:
1) Only run this in a disposable or well-backed-up repository (make a clone or snapshot first).
2) During setup, explicitly limit 'Target Files' to a narrow set of parameters/files the agent may edit and enumerate 'Read-Only Files' (data, deployment scripts, credentials).
3) Provide a safe, deterministic 'Run Command' and strict 'Time Budget' to avoid long-running or networked experiments if you don't want them.
4) Be aware the agent may use your system git/SSH credentials implicitly (pushes to remotes or network activity can occur via the run command); consider working offline or removing remote push permissions.
5) Note small metadata inconsistencies (the SKILL.md relies on git but the skill doesn't declare git as a required binary, and the _meta.json owner/slug differ from the registry metadata); confirm the skill source/trust before giving it access to important repositories.
If you need lower risk, run the protocol manually or on a sandbox copy first.

Like a lobster shell, security has layers — review code before you run it.
