Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Intent-Engineering
v1.0.0
A meta-framework for designing, building, and orchestrating an ecosystem of strategically-aligned agent skills. This skill governs how the agent itself opera...
by Daniel Foo Jun Wei (@danielfoojunwei)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and provided resources (skill_registry.json, data contracts, governance docs, scripts/orchestrator.py) are coherent with a meta-framework for building and orchestrating skill ecosystems. The files present match the claimed purpose. One provenance note: the source/homepage is unknown which reduces trust but does not itself make the capability incoherent.
Instruction Scope
SKILL.md explicitly instructs the agent to use this framework to guide its own reasoning and to 'improve and extend the intent-engineering skill itself' (recursive self-modification). That is a broad, open-ended instruction granting the agent discretion to modify skills, register new skills, and orchestrate calls across the ecosystem. The instructions reference scripts/orchestrator.py and various registries — they do not declare explicit limits on what the agent may read or write, creating scope creep and risk of unintended changes to skill files or registries.
Install Mechanism
No install spec or external downloads are declared; the package is instruction-plus-bundled-files only. There are included Python scripts (scripts/*.py) but nothing in the metadata indicates remote code fetching or archive extraction. This lowers install-time supply-chain risk, but the presence of executable scripts means runtime execution could perform privileged actions if allowed.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a governance/orchestration framework. However, bundled Python scripts may still access environment variables, files, or network at runtime; SKILL.md does not enumerate or constrain what env/config the scripts may use. Because provenance is unknown, this is a cautionary signal rather than a confirmed mismatch.
Persistence & Privilege
always:false and normal autonomous invocation are set (no immediate red flag). But the skill's explicit goal of self-governance and recursive improvement implies it may modify registry files, templates, or skill files (which are included). The combination of executable scripts and instructions to update/extend the ecosystem suggests it could alter other skills or system artifacts if the agent has filesystem or config write permissions. That potential to persist changes across runs is a notable privilege to be aware of.
What to consider before installing
This skill appears to implement a plausible meta-framework, but it also instructs the agent to modify and govern its own skills — a powerful capability that can change behavior persistently. Before installing or enabling:
1) Review the Python scripts (scripts/orchestrator.py, contract_validator.py, ecosystem_analyzer.py) for any network calls, arbitrary code execution, file write operations, subprocess uses, or reads of environment/credential files.
2) Run the skill in a tightly restricted sandbox (no write access to skill bundles or system-wide config) until you are confident of its behavior.
3) If you plan to allow it to run autonomously, ensure audit logging and human-in-the-loop gating for any actions that change skill code, registries, or escalate privileges.
4) Because the source/homepage is unknown, prefer a manual code review and consider limiting its permissions (filesystem, network, ability to modify other skills) or using a vetted alternative.
If you want, I can summarize the orchestrator.py and other scripts line-by-line to highlight risky operations to inspect.
scripts/orchestrator.py:459
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
