AutoSkill Local Skill Manager

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: autoskill-local-skill-manager
Version: 0.1.7

The 'autoskill' bundle implements a proactive local skill manager that monitors user conversations in the background to extract and persist reusable agent behaviors. While the stated intent is benign, the skill requires high-risk capabilities, including local file system read/write access and the execution of shell commands (e.g., 'rg', 'npx', and 'python3') for skill discovery and validation (SKILL.md). The instructions encourage the agent to autonomously initiate extraction checks and search external ecosystems (skills.sh), which, combined with the proactive background scanning of all user input, creates a significant attack surface for prompt injection and potential local system compromise if the agent misinterprets session data as command parameters.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Approved skill updates can persist personal preferences, team rules, or workflow conventions and may influence future agent behavior.

Why it was flagged

The skill is intentionally designed to preserve reusable session knowledge into local skills that may be reused in future sessions.

Skill content

Maintain the user's personal local skill files as a lightweight self-improving memory system.

Recommendation

Review proposed skill text before approving it, avoid saving secrets or overly broad rules, and keep backups of important local skills.

What this means

If a user approves a bad proposal, local agent skills could be changed in ways that affect future tasks.

Why it was flagged

The skill can manage high-impact local skill actions, including deletion, import, installation, and rewriting, but the documented workflow requires user confirmation.

Skill content

Requires user confirmation before creating, updating, deleting, importing, installing, enabling, or materially rewriting skills.

Recommendation

Approve only narrowly scoped changes with clear target paths and understandable diffs; do not approve destructive or broad changes unless intended.

What this means

A query derived from personal or team-specific workflow material could reveal limited context to an external skill-search service.

Why it was flagged

External skill discovery is disclosed and purpose-aligned, but search queries may leave the local environment.

Skill content

Searches local skills first, then uses external sources such as `npx skills find <query>` and skills.sh when external discovery is requested or duplicate risk is high.

Recommendation

Ask the agent to use local-only search for sensitive topics, or review/redact external search queries before they are sent.