Enoch Tuning

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: enoch-tuning
Version: 1.4.0

The skill bundle is classified as **suspicious**. The `integrations/x-bookmarks/scripts/x-bookmarks-auth.sh` script is suspicious due to its use of `python3 -c "..."` to execute a multi-line script that handles sensitive OAuth credentials, sets up a local HTTP server, and stores tokens. While it employs secure OAuth practices (PKCE) and sets appropriate file permissions (0o600), this is a powerful, high-privilege operation.

Additionally, the `integrations/x-bookmarks/research-prompt.md` instructs the AI agent to use `web_fetch` on external URLs found in bookmarks. This presents a vulnerability for potential Server-Side Request Forgery (SSRF) or other web-based attacks if the `web_fetch` tool is not robustly sandboxed, as the agent is directed to fetch content from potentially untrusted sources.

The `setup/lock-identity.sh` script also uses `sudo` to modify file ownership and permissions, which, while intended for security hardening, is a powerful operation that warrants scrutiny.

There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, backdoors, or obfuscation for evasion. The skill's documentation and agent templates (`SOUL.md`, `AGENTS.md`, `SECURITY.md`) explicitly promote strong security practices, verification, and controlled agent behavior, which mitigates the risk of prompt injection or agent misuse, but the identified vulnerabilities remain.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI10: Rogue Agents
What this means

The agent may keep doing internal work, indexing, or scheduled tasks when you are silent or away, unless you narrow these rules.

Why it was flagged

The template explicitly authorizes scheduled jobs, workspace indexing, and proactive AFK work without asking, which creates persistent autonomous behavior beyond a single user request.

Skill content
### Fully Automated (no asking required)
- Scheduled cron jobs
- Memory organization and consolidation
- Workspace indexing
- Proactive work during AFK: organize memory, update docs, work from task queue
Recommendation

Before installing, change the automation tiers to require approval for cron jobs, workspace indexing, and AFK work; define stop conditions and allowed directories.

What this means

Private facts, decisions, commitments, and personal context can be stored and reused across future sessions, including information you may not intend to become long-term agent context.

Why it was flagged

The agent is instructed to read and reuse personalized identity, user, daily log, and memory files every session, and to persist new memories, but the artifacts do not define retention limits, exclusions, or review controls.

Skill content
Every Session
1. Read `SOUL.md`
2. Read `USER.md`
3. Read `memory/YYYY-MM-DD.md` ...
"Remember this" → write to typed memory + update VAULT_INDEX.md immediately
Recommendation

Set clear memory rules before use: allowed memory paths, sensitive exclusions, retention periods, review before consolidation, and when the agent must not remember something.

Concern: Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

Bookmark summaries or linked-content analysis could be sent to a group/channel automatically if this integration is enabled.

Why it was flagged

The optional bookmark workflow directs the agent to post analysis messages to a channel and can be wired to cron, but the prompt does not restate an approval gate or clearly bound the channel audience.

Skill content
Post to your research channel — one message per bookmark ... Cron Setup (optional) ... run `python3 scripts/x-bookmarks-sync.py --detect-new` and analyze any new bookmarks.
Recommendation

Require explicit approval before posting to any external channel, confirm whether the channel is private, and disable or narrow the cron workflow until tested.

What this means

Your personalized operating rules may become harder to edit and may be readable by other local accounts/processes on multi-user systems.

Why it was flagged

After personalization, the script uses sudo to make core identity files root-owned and mode 444, which is read-only but also readable by all local users.

Skill content
sudo chown root:staff "$WORKSPACE/SOUL.md" "$WORKSPACE/AGENTS.md"
sudo chmod 444 "$WORKSPACE/SOUL.md" "$WORKSPACE/AGENTS.md"
Recommendation

Review the script before running it; consider 400/600 or a trusted group mode instead of 444, and keep a clear undo procedure.

What this means

If enabled, the integration can keep reading your X bookmarks until the token is revoked or removed.

Why it was flagged

The X integration uses expected OAuth access for bookmark syncing, including offline refresh, and stores tokens locally.

Skill content
scopes: `bookmark.read tweet.read users.read offline.access` ... token saves automatically to `~/.openclaw/credentials/x-oauth-token.json`
Recommendation

Use a dedicated X developer app, protect the credentials directory, avoid committing token files, and revoke the token if you stop using the integration.