ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Test-Driven Revolution

v2.0.1

Test-Driven Revolution implements an AI-driven iterative code evolution system with automated coding, testing, auditing, and controlled task workflows.

0· 61·1 current·1 all-time
byJaden's built a claw@cjboy007
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (AI-driven iterative code evolution) aligns with the provided scripts (planning, review, execute, audit, heartbeats, locking). The files implement the planner/reviewer/executor/auditor workflow the skill advertises.
!
Instruction Scope
SKILL.md instructs running the included scripts and scheduling heartbeats; the runtime scripts (iron-heartbeat.js, heartbeat-coordinator.js, auto-plan.js, apply-review.js, etc.) read/write task files and may execute commands produced by model reviews. In particular, executeInSandbox ultimately runs execSync(instructions) where instructions come from review.next_instructions — i.e., model-controlled shell commands are executed in the workspace. Although the docs mention sandboxing and security scans, the code does not enforce a sandbox (comments say Docker/nsjail recommended but not used) and relies on security-scan and user/manual steps that may be bypassed. This expands scope beyond safe, narrowly-scoped actions.
Install Mechanism
There is no install spec (instruction-only from registry perspective) and code files are provided. Nothing in the package pulls arbitrary external binaries; risk comes from runtime execution rather than install-time downloads.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the files (they assume model access provided by the OpenClaw environment). There are references to model names and sessions_spawn, but no unexpected credential requests embedded in the manifest. That said, the skill will execute arbitrary commands and could access any files in the workspace without asking for additional env secrets.
Persistence & Privilege
always is false and the skill does not request to modify other skills. However, SKILL.md and README recommend scheduling cron heartbeats and creating long-running agent heartbeats (Wilson/Iron/Auditor), which gives the skill a persistent operational presence if the user follows those instructions. Persistent execution combined with arbitrary command execution increases blast radius if misused.
What to consider before installing
This skill implements an automated pipeline that accepts model-generated instructions and runs them as shell commands in your workspace. Before installing or scheduling its heartbeats: - Do NOT run these scripts on a machine with sensitive data or credentials. Use an isolated VM or container. - Inspect security-scan.js and confirm it reliably blocks dangerous patterns you care about (it is referenced but enforcement appears partial). - Replace or enforce a real sandbox (Docker, nsjail, or other containerization) for executeInSandbox instead of the current execSync-based execution. The code has comments recommending sandboxing but does not enforce it. - Avoid automatically scheduling cron jobs until you trust the code; run tasks manually first and watch logs/events.log. - Review how review.next_instructions is produced and validated: model outputs can include network exfiltration, credential-stealing commands, or destructive operations. Ensure review outputs are human-reviewed or strictly validated before execution. - If you want to proceed, run the skill in a tightly restricted environment, audit logs regularly, and do not grant the host any secrets or cloud credentials accessible from the skill's workspace. Given the mismatch between claimed safety controls (sandboxing, scans) and the current implementation (direct execSync), treat this skill as high-risk until you harden execution and verification paths.
scripts/heartbeat-coordinator.js:50
Shell command execution detected (child_process).
scripts/iron-heartbeat.js:126
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

agent-skillsvk9733x6kvmjnx5jv28fhqg6zzs83s9gkaivk9733x6kvmjnx5jv28fhqg6zzs83s9gkautomationvk9733x6kvmjnx5jv28fhqg6zzs83s9gklatestvk975j4mdf9853sba4jb218yey183t4kxtestingvk9733x6kvmjnx5jv28fhqg6zzs83s9gk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments