Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Autoresearch

v1.0.0

Autonomous AI research skill for running automated neural network experiments. This skill should be used when the user wants to set up autonomous AI research...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The files (prepare.py, train.py, program.md, SKILL.md) implement exactly the claimed functionality: an agent-modifiable training script with a 5-minute experiment loop. However the package metadata provides no homepage and 'Source: unknown' while SKILL.md and README claim this is 'based on Andrej Karpathy's autoresearch' and instruct cloning https://github.com/karpathy/autoresearch; the provenance is unclear (possible impersonation or a fork). Aside from provenance, the requested files and operations are consistent with an autonomous research skill.
Instruction Scope
Runtime instructions explicitly direct autonomous modification of train.py, committing changes, and running experiments in an infinite loop with the mandate 'DO NOT pause… Continue working indefinitely until manually stopped.' The skill instructs network activity (git clone, downloading data shards from Hugging Face) and running arbitrary Python code that the agent edits. While these are coherent with the purpose, the 'never ask the human'/autonomous forever behavior and the ability to make and execute arbitrary code changes are high-risk operationally and scope-expanding.
Install Mechanism
There is no install spec embedded in the skill bundle (instruction-only), but the docs direct use of external installers and package managers: running 'curl ... | sh' to install 'uv', then 'uv sync' to pull dependencies including torch from a custom PyTorch index. These are standard for ML projects but will fetch and install large packages and potentially repo-sourced kernels (the 'kernels' dependency can select flash-attn backends). The external install scripts and heavy dependencies increase operational risk and should be reviewed before execution.
Credentials
The skill declares no required environment variables or credentials. It does read/write to user cache paths (~/.cache/autoresearch) which is expected for dataset/tokenizer storage. Network access is required to download datasets and potentially kernel code, but requested environment/credential access is proportionate to the stated training task.
Persistence & Privilege
The skill does not set 'always: true', but SKILL.md explicitly instructs the agent to run autonomously and 'NEVER STOP' once the loop begins. Autonomous invocation combined with an instruction to loop forever and to modify-and-execute code increases blast radius: the agent could make many successive code changes and run them repeatedly. This is permitted by platform defaults but is a significant operational risk and should be limited by human controls (timeouts, resource quotas, manual approval).
What to consider before installing
This skill appears to implement an autonomous experiment loop as claimed, but take these precautions before installing or running it:

1. Verify provenance: the registry metadata lacks a homepage and lists source 'unknown' while the README/README.md references Karpathy's repo. Confirm you have the authentic upstream repository (check commit history on GitHub) or treat this as an untrusted fork.
2. Review code locally first: read prepare.py and train.py in full and search for any network endpoints, telemetry, or unexpected system calls. Pay attention to any code that would send data off-host or read unrelated files.
3. Run in isolation: execute inside a disposable VM, container, or dedicated machine (not your laptop or production host). Limit GPU access and disk usage. Create a small test run (use limited num-shards) to avoid massive downloads and long/expensive runs.
4. Restrict autonomy: do not allow the agent to run 'forever'. Add explicit limits (max iterations, wall-clock timeout, human-in-the-loop approval steps) before letting it auto-commit and re-run code.
5. Monitor resource usage: the skill downloads datasets, installs heavy packages (PyTorch), and runs GPU jobs. Set caps on bandwidth, disk, and GPU time to prevent abuse or accidental large bills.
6. Validate external installers: the README suggests running a curl | sh to install 'uv'. Avoid blind execution of arbitrary install scripts; inspect them first or install via your platform's package manager.
7. If you intend to proceed, prefer running a baseline single manual run first (not autonomous) to confirm behavior, then enable limited automated experimentation with oversight.

If you want, I can: (a) summarize all external network endpoints the code touches, (b) point out exact locations in the code where the agent can inject changes, or (c) suggest safe modifications to program.md/prepare.py to add human approval checkpoints and resource limits.
train.py:611
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
