ClawHub

continuous-agent-loop

v1.0.3

Canonical patterns for continuous autonomous agent loops with quality gates, evals, and recovery controls. Supports sequential, RFC, CI/PR, and exploratory l...

0· 54·0 current·0 all-time
byDeonte Cooper@djc00p
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill provides patterns for continuous agent loops and ships a deterministic harness audit script that scores repos. The required env var AUDIT_ROOT aligns with the script's need for a target root path. One minor mismatch: SKILL.md tells users to run `node scripts/harness-audit.js` but the skill's metadata does not list `node` under required binaries.
Instruction Scope
Runtime instructions direct the agent to run the included Node script which enumerates and reads files under the provided root and also probes common plugin locations under HOME. This is expected for an audit tool, but the script can read arbitrary files under AUDIT_ROOT (and looks at HOME for plugin manifests) so the operator should avoid pointing AUDIT_ROOT at sensitive system locations.
Install Mechanism
No install spec or remote downloads are used; this is an instruction-only skill with a bundled JS script. No external code is fetched at runtime, lowering install-time risk.
Credentials
Declared required env var is only AUDIT_ROOT, which is proportional. The script also reads process.env.HOME (typical) to look for plugin installs; HOME wasn't declared but is an OS-provided variable. The script reads repository files (package.json, hooks, agents, etc.), which is expected but means secrets present in the audited path could be read and included in output.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills or system config, and has no install-time persistence. It can be invoked autonomously by the agent (normal default), but has no extra privileges.
Assessment
This skill appears to do what it says: run a deterministic repository harness audit. Before running it, confirm you have Node installed (SKILL.md uses `node` but the metadata doesn't list it), and set AUDIT_ROOT to the intended repository path (do NOT point it at `/` or other sensitive directories). Review scripts/harness-audit.js yourself if you need stronger assurance — it reads files under AUDIT_ROOT and probes HOME for plugin manifests, so outputs may include any readable files in those locations. Run with `--format json` for machine-readable results, and consider running in a sandboxed environment if you're auditing an unfamiliar repo.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b85kg2z0m727sj0fgv6peeh84btzq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSLinux · macOS · Windows
EnvAUDIT_ROOT

Comments