Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Subconscious
v1.8.0
Autonomous, bounded bias layer that continuously evolves Alfred’s operating behavior by reinforcing, promoting, and governing self-improvement learnings and...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to be a bounded, non-proactive bias layer but the package includes an installer that sets up recurring cron jobs (*/5 tick, hourly rotate with --enable-promotion, daily review, weekly benchmark). That installer therefore enables autonomous, persistent operation and auto-promotion of learnings — behavior not aligned with the SKILL.md top-line guidance to not invoke proactively. The package also bundles a second skill (self-improving-agent) inside the repo; bundling is plausible for convenience but increases the footprint and provenance concerns given the registry metadata lists no install spec and source is 'unknown'.
Instruction Scope
The runtime instructions and code read and write files under the OpenClaw workspace (e.g., ~/.openclaw/workspace-*/.learnings/ and memory/subconscious/). That is expected for a memory/bias system, but there is a clear contradiction: SKILL.md warns 'Do NOT invoke proactively' while other docs and the installer explicitly recommend and install automatic tick/rotate cron jobs and even call the learnings bridge automatically. The skill scans project learnings files and can promote items to live biases which are then injected into session prompts — this is powerful and should only run with explicit user consent, but the installer opts for automatic scheduling by default.
Install Mechanism
Registry metadata shows 'no install spec (instruction-only)', but the package contains a full installer script (scripts/install.sh) that modifies the user's crontab, creates directories/files under the detected workspace, and writes log files. The installer attempts to auto-detect the workspace and non-interactively edits crontab entries, enabling auto-promotion. Installing will therefore create persistent scheduled tasks on the host — a higher-risk install action than an instruction-only skill implies.
Credentials
The skill declares no required environment variables or credentials (only an optional SUBCONSCIOUS_WORKSPACE override). However, it reads and writes workspace files (.learnings/*, memory/subconscious/*) which may contain user-provided content. The self-improving-agent component explicitly warns not to log secrets, but the skill will index whatever is present in .learnings; if those files contain sensitive data, they could be read and turned into biases. No remote endpoints or secret-env-vars are requested, which is proportionate, but the file-level access to workspace content is noteworthy.
Persistence & Privilege
Although the skill is not marked 'always: true', the installer grants it persistent presence by adding cron jobs that run every 5 minutes and hourly (with --enable-promotion) and weekly benchmarks. Those cron jobs enable autonomous modification of the memory stores and promotion of biases without further manual invocation. This persistent autonomous behavior contradicts the 'do NOT invoke proactively' advisory in SKILL.md and increases the blast radius if a promoted bias is undesirable.
What to consider before installing
Before installing, consider the following:
- Inspect scripts/install.sh line-by-line and do not run it blindly. That script will edit your crontab and create scheduled jobs that run every 5 minutes and hourly (the hourly job uses --enable-promotion by default).
- If you want manual control, remove the --enable-promotion flag from the rotate cron entry (or don't install cron entries at all) so promotions only happen when you explicitly run the rotate command.
- Back up your current crontab (crontab -l > crontab.before) and OpenClaw workspace before running the installer so you can restore them if needed.
- Audit your workspace .learnings/ files for any sensitive information before connecting this skill; the skill will read those files and can convert learnings into injected biases.
- Confirm you trust the package source and bundled self-improving-agent; registry metadata lists source as unknown and homepage absent — provenance is weak. Consider obtaining the package from a vetted source or inspecting all included code (the repo contains many Python modules that manage persistence and promotion logic).
- If you prefer less autonomy, run the metabolism scripts manually (tick/rotate/review) from the scripts/ directory rather than installing cron jobs.
- Verify hooks are not enabled: the package includes optional hooks for the self-improving-agent but they are disabled by default; do not copy them into your OpenClaw hooks directory unless you understand the implications.
Given the contradiction between 'do not invoke proactively' in the SKILL.md and the installer's automatic cron + auto-promotion behavior, treat this package with caution and prefer a manual installation path or remove the scheduled auto-promotion before enabling it.
Like a lobster shell, security has layers — review code before you run it.
