ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AS Autoresearch Loop

v1.4.0

Apply Karpathy's autoresearch methodology to iteratively improve anything measurable — Claude skills, n8n workflows, system prompts, business processes, or a...

0· 73·0 current·0 all-time
by@autosolutionsai-didac
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the files are consistent: this is an instruction-only autoresearch loop for iteratively improving measurable artifacts. It requests no binaries, env vars, or installs, which is proportionate for a methodology/instruction skill that edits files and runs evals.
!
Instruction Scope
The SKILL.md explicitly instructs the agent to read and modify artifacts, create and update results.tsv, version kept artifacts, run evaluations, and (critically) to 'LOOP FOREVER' and 'NEVER STOP' once started, and in other variants to 'ALWAYS trigger' on many user phrases. Those directives give the agent broad discretion to run repeated edits and evaluations without asking the user again. While file read/write is expected for this skill, instructing indefinite autonomous operation and not requiring reconfirmation is scope creep that materially increases risk (unbounded changes to user files, accidental deployment of changes, or runaway costs from repeated model calls).
Install Mechanism
No install spec, no code files executed — instruction-only skill. This is the lowest-risk install profile and matches the declared metadata.
Credentials
The skill requests no environment variables/credentials and does not require unrelated services. It expects filesystem access to read/write artifacts and results.tsv (normal for this functionality), but it does not declare access to other credentials or system configs.
!
Persistence & Privilege
The registry flags show always:false and normal autonomous invocation allowed. However, the runtime instructions explicitly encourage indefinite autonomous runs and to 'never pause to ask the user' — combined with the platform's default ability for agents to invoke skills autonomously, this creates a persistent, high-blast-radius capability (continuous unattended edits and repeated model/API usage). The skill itself does not request always:true, but its text effectively demands always-available, long-running behavior unless the platform or user enforces limits.
What to consider before installing
This skill is coherent for its stated purpose, but it includes explicit instructions to run indefinitely and to not ask the user for further permission. Before installing or enabling it for autonomous use: - Prefer a moderated configuration: require explicit user confirmation after each iteration batch (or after N iterations), or set a firm iteration/time budget and stop condition. - Never allow it to run directly against live/production artifacts; ensure it only works on sandbox copies and that backups/version control exist. - Limit model call budget and set timeouts to prevent runaway costs. - If you want to allow autonomous experiments, change the skill text to ask for user confirmation on start and after each X experiments, or at minimum enforce a maximum iteration count or wall-clock timeout. - Consider disabling autonomous invocation (or leaving user-invocable only) until you audit its behavior with small, supervised runs. If you cannot enforce such limits, treat this skill as higher risk and avoid permitting it to run unsupervised.

Like a lobster shell, security has layers — review code before you run it.

latestvk977r4w1fsxry45d76r61k1dkh841asd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments