ClawHub

Skill Cortex Pub

v0.0.2

Skill Cortex is the system's capability cortex. When lacking ability, it autonomously acquires Skills from ClawHub or GitHub, then releases them after use. E...

0· 432·3 current·4 all-time
byAnk Wu@ankwu001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The Skill claims to search ClawHub/GitHub and install/run other Skills, but the package declares no required binaries, no network access, and no CLI (README mentions the 'clawhub' CLI). Installing or building Skills normally requires tools (clawhub, git, package managers) and network access; the lack of declared dependencies is a mismatch between stated purpose and declared requirements.
!
Instruction Scope
SKILL.md instructs the agent to read/write a persistent cortex file (~/.openclaw/skill-cortex/cortex.json), search external hubs, present candidates, install selected Skills, generate execution plans, run them, and update learning memory. Although it requires explicit user approval for installs and claims write operations never enter reflex, the instructions still enable fetching and executing arbitrary third‑party code and persisting behavioral data — the flow and safeguards for scanning or sandboxing fetched Skills are underspecified.
!
Install Mechanism
There is no install spec (instruction-only), which lowers immediate disk-write risk from the skill bundle itself—but the Skill's runtime behavior depends on installing external Skills from ClawHub/GitHub. The mechanism, hosts, and commands used to install those Skills are not specified; that omission means arbitrary remote archives or repos could be pulled and executed, which is high risk unless clearly constrained to vetted sources and explicit install commands.
!
Credentials
The skill declares no required environment variables or primary credential, yet its DESIGN.md and examples reference reading env names (e.g., TODOIST_API_KEY), running 'which <key>', network endpoints, and possibly invoking other Skills that will need credentials. It may therefore prompt for or consume unrelated credentials during candidate validation or Skill installation; the credential needs and handling are not declared or constrained.
Persistence & Privilege
always:false (good) and installs require user confirmation per SKILL.md, but the Skill creates and maintains a persistent cortex.json under ~/.openclaw/skill-cortex which stores routing and usage data. That persistent store includes signal words and metadata; DESIGN.md claims entity filtering, but the agent will still persist behavioral metadata locally — consider this a privacy/attack surface risk if third‑party Skills can read or exfiltrate it.
What to consider before installing
This Skill is conceptually useful (it lets the agent find and temporarily use other Skills), but it leaves important runtime details unspecified. Before installing: 1) Confirm which installer/tools it will actually call (clawhub CLI, git, curl, package managers) and ensure those binaries will be present or blocked; 2) Expect it to create ~/.openclaw/skill-cortex/cortex.json — back up or inspect that file and verify the entity‑filtering behavior; 3) Recognize that installing third‑party Skills means running unreviewed code — require sandboxing or strict user confirmation for every install and for system dependency installs; 4) Ask the author for explicit install commands, allowed sources (only official ClawHub? only vetted GitHub orgs?), and the exact safety checks performed (VirusTotal, checksums, signatures, sandboxing); 5) If you need stronger guarantees, run the Skill in an isolated environment (VM/container) or decline until the Skill exposes a clear, auditable installation flow. Because runtime behavior depends on external installs that are not fully specified, treat this Skill with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f8ktaqr5dsykqztg4fbb62981y0tw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Skill Cortex

Triggers when installed Skills cannot complete the current task. If you can handle it yourself, just do it — do not trigger this flow.

Cortex data file: ~/.openclaw/skill-cortex/cortex.json (schema in DESIGN.md).

Phase 1: Perception

  1. Read cortex.json (if missing or corrupt, skip to step 3).
  2. Semantically match the users task description against sensory.patterns signals.
  3. On miss, search ClawHub.

Phase 2: Validation

Present candidates to the user with safety info. Wait for explicit approval before installing.

Phase 3: Execution

Install the Skill, generate an execution plan, execute the task. On failure, auto-recover or switch to next candidate.

Phase 4: Learning

Update the cortex memory. Successful Skills gain weight; failed ones decay.

Boundary Rules

  1. Never interfere with long-term Skills.
  2. Installation requires user confirmation.
  3. System dependency installation requires separate confirmation.
  4. Write operations never enter reflex.
  5. Max 2 candidate switches.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…