Karpathy Autoresearch

High-level points to consider before installing or running this skill: - Functionality is coherent: it implements the mutate→evaluate→keep loop and includes reference scripts (loop.py, evaluate.py). That said, the package metadata omits some practical requirements — verify you have git and a safe working directory available. - Review and control the 'mutable file' and working directory: the agent will read, write, and git-commit whatever file you point it at. Do NOT point it at system configs, secrets, SSH keys, or any repository containing credentials. Run experiments in an isolated project or sandbox. - Eval commands run arbitrary subprocesses: loop.py runs whatever eval command you supply (via shell=True) and parses numeric output. Ensure your eval harness is trusted and does not perform unwanted network calls or exfiltration. Treat the eval command as code you must review. - evaluate.py requires you to implement score_one(); by default it raises NotImplementedError. If you implement LLM-based judging or backtests, you will likely need API keys and data access that the skill does not declare — keep credentials out of the mutable file and out of experiment commits. - The skill's README includes a crypto payment address and Telegram contact for a paid 'Pro' tier. This is external monetization and unrelated to the skill code — be cautious when sending funds or contacting external handles. - Best practices: run the skill in an isolated environment, inspect and possibly modify the provided scripts before running, keep a separate git repo or sandbox for experiments, and avoid letting the agent autonomously run experiments on repositories containing sensitive data. If you plan to use LLM judges or external services, create and scope API keys appropriately (principle of least privilege).