ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Batch Cognition

v1.1.0

Process bulk prompt batches with alternating play/think cognitive loops. Use when user says "batch incoming", "multiple prompts incoming", "corpus incoming",...

0· 78·0 current·0 all-time
byKairoKid@dodge1218
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (bulk prompt processing with play/think cycles) lines up with the SKILL.md: it saves batches, processes items, checkpoints, and writes chain/summary files. However, the skill explicitly references Google Drive GUI navigation and web research/citation requirements while declaring no required credentials or environment variables — this reliance on unspecified external access is a mismatch worth noting.
!
Instruction Scope
The runtime instructions tell the agent to parse and save entire batches to workspace/systems/..., read prior batch artifacts, perform per-item 'EXECUTE' actions (including 'research' and generating artifacts), and fetch/cite sources. 'Execute the prompt' can mean performing arbitrary actions implied by user prompts; there are no explicit limits or safeguards. The skill also autonomously continues after 30s of silence. These behaviors expand the agent's scope to file I/O and network activity and could cause unintended data retention or external requests.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or installed by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is generally proportional. But it expects Drive access and web research (network I/O) without declaring required credentials/APIs; that implicit dependency should be clarified. It writes persistent files under workspace/systems/batch-cognition, meaning local storage access is required.
Persistence & Privilege
The skill writes multiple persistent artifacts (batch docs, chain blocks, value-stack, parked/discarded lists) under workspace/systems/batch-cognition. always:false (not forced into every agent run) is appropriate, but the persistent on-disk storage of all user prompts — including potentially sensitive content — is a notable persistence behavior the user should be aware of.
What to consider before installing
This skill appears to implement the batch processing it describes, but it will save every prompt to disk and may perform network research and access Google Drive without declaring credentials. Before installing or invoking: 1) Confirm how your agent/platform handles Drive access and OAuth — the skill assumes Drive navigation but does not declare required creds. 2) Expect persistent storage of all batch inputs under workspace/systems/batch-cognition; review and purge those files if prompts contain secrets. 3) Be cautious running untrusted batches because 'EXECUTE' plus autonomous continuation can cause broad activity (web fetches, artifact generation). 4) Ask the skill author to document what external APIs/capabilities are required and to add safeguards (explicit opt-in for network/Drive access, limits on token budgets, and a retention/erase policy). If you need guarantees about privacy or limited external access, do not run this skill until those clarifications are provided.

Like a lobster shell, security has layers — review code before you run it.

latestvk9712pegw0z5w2b3j56vjxm77983ysy0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments