SynBO (Synthetic Bayesian Optimization)
AdvisoryAudited by Static analysis on May 11, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running setup can install third-party software and modify the local Python or shell environment.
The installation guide runs a downloaded Miniconda installer and installs unpinned Python packages. This is expected for a SynBO toolchain, but it relies on external supply-chain trust.
curl -fsSL https://mirrors.tuna.tsinghua.edu.cn/... -o miniconda.sh bash miniconda.sh -b -p $HOME/miniconda3 ... pip install qspoc pip install synbo
Use a trusted Miniconda source, verify installer checksums when possible, pin package versions, and run the environment in an isolated conda environment.
Future runs may use a previously saved project directory, so outputs could go to the wrong location if the config is stale or tampered with.
The skill persists the user's project path and project name, then reuses them on later runs. This is purpose-aligned but creates persistent local state that could become stale or be edited.
Read `config.json` located in the skill's directory... immediately write/update the `config.json` file with this format: `{"project_wd": "xxx", "project_name": "xxx"}`.Confirm the displayed project name and working directory before running optimization, and delete or edit the config file when changing projects.