Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
MARL — Multi-stage Reasoning Middleware
v1.0.0Multi-stage multi-agent reasoning middleware that reduces LLM hallucination by 70%+. 9 specialized emergence engines for invention, creative, pharma, genomic...
⭐ 6· 326·1 current·1 all-time
byVIDRAFT@cutechicken99
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a local multi-stage middleware that sits between the agent and any LLM — that purpose matches the configuration examples (setting baseURL to localhost). However the registry metadata listed 'source: unknown / homepage: none' while the SKILL.md includes links to PyPI, GitHub, Docker Hub and a website; this mismatch is noteworthy and should be verified. Claim that core engine is 'compiled binaries' is plausible but not visible in the skill bundle (instruction-only).
Instruction Scope
Instructions are limited and focused: they tell the user to run MARL locally (docker/pip/Space) and point OpenClaw to a local baseURL. The SKILL.md does not instruct the agent to read unrelated files or environment vars. However it explicitly states 'your data never leaves your infrastructure' while also saying MARL will make API calls to the chosen LLM — if that chosen LLM is a cloud service, user data will leave the host. That is a misleading privacy claim and an operational ambiguity the user should understand.
Install Mechanism
The registry bundle contains no install spec (instruction-only), but the README recommends running third-party artifacts (docker image vidraft/marl, pip package 'marl-middleware', and a HuggingFace Space). Those external artifacts may execute arbitrary code; the skill package provides no verification or hashes. Because installing/running the Docker image or pip package is how the middleware is actually deployed, the user should verify the Docker Hub/PyPI/GitHub releases and their provenance before running.
Credentials
The skill declares no required env vars or credentials, and SKILL.md does not request secrets. That is proportionate for an instruction-only skill; note though that the MARL service itself (outside this skill) will likely require API keys to call external LLMs — those credentials are not requested here but are necessary for operation if you use cloud LLMs.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It's user-invocable and does not modify other skills or system-wide settings as presented.
What to consider before installing
This skill is an instruction-only wrapper that directs you to run a third-party MARL service (Docker image, pip package, or HuggingFace Space). Before installing or routing agent traffic through it, verify the upstream artifacts (Docker Hub image, PyPI package, GitHub repo and releases) and confirm they come from the claimed publisher. Don't assume 'data never leaves your infrastructure' — if you configure MARL to use cloud LLMs, your prompts/results will be sent to those providers. Run the Docker/pip artifacts in an isolated environment (container/VM) first, inspect the source code on GitHub, check PyPI/Docker release signatures or hashes if available, and review the service's configuration for where it sends model queries (local vs. cloud). If you plan to use sensitive domains (pharma, genomics, chemistry), treat outputs and the service itself as higher-risk and perform additional review/auditing before production use.Like a lobster shell, security has layers — review code before you run it.
Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
Config requirements
emergencevk976e9ypvdhzfhtyn9hy1cbmhd82kf6qhallucinationvk976e9ypvdhzfhtyn9hy1cbmhd82kf6qlatestvk976e9ypvdhzfhtyn9hy1cbmhd82kf6qllmvk976e9ypvdhzfhtyn9hy1cbmhd82kf6qmetacognitionvk976e9ypvdhzfhtyn9hy1cbmhd82kf6qmiddlewarevk976e9ypvdhzfhtyn9hy1cbmhd82kf6qmulti-agentvk976e9ypvdhzfhtyn9hy1cbmhd82kf6qreasoningvk976e9ypvdhzfhtyn9hy1cbmhd82kf6q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Config example
Starter config for this plugin bundle.
llm: baseURL: "http://localhost:8080/v1" model: "gpt-5.4::create"