Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self Assessment

v1.0.0

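A self-assessment protocol to run before accepting a task. The agent reviews its own capabilities, existing skills, and past experience, then decides whether it is suited to take on the task or recommends a more suitable agent.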

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (agent self-assessment) aligns with most required actions (inspect identity, skills, and memory). However, the protocol's explicit instruction to search for and automatically install missing skills into workspace/skills/ is more than a passive assessment and expands the skill's effective capabilities (it becomes an installer/orchestrator as well). That is plausible but worth noting as an elevated capability.
Instruction Scope
SKILL.md instructs the agent to read IDENTITY.md, MEMORY.md, workspace/skills/, global skills, and memory/ logs, and to update IDENTITY.md after tasks. It also directs using a 'find-skills' skill to search external hubs and attempt to install new skills into the agent's workspace. These instructions give the skill broad read/write access to agent-local files and the ability to pull and install external code — scope creep that can expose sensitive data (memory logs) and allow arbitrary code to be added.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code, so it does not itself download or install files. The install risk instead comes from the instructions that tell the agent to call a separate 'find-skills' installer; that external install behavior is not part of this package but is recommended by the skill.
Credentials
The skill requests no environment variables, no credentials, and no configuration paths in its metadata. The SKILL.md nevertheless asks to read internal files (IDENTITY.md, MEMORY.md, memory/) which is consistent with self-assessment but could expose sensitive data stored in those files. No unrelated secrets are requested.
Persistence & Privilege
The skill does not set always:true and is not inherently persistent. However, it instructs the agent to install other skills into workspace/skills/ and to update IDENTITY.md, which changes the agent's persistent state. That capability raises privilege concerns because it can expand the agent's toolset without an explicit human check.
What to consider before installing
This skill is mostly coherent with its stated purpose (self-evaluation) but includes instructions that let the agent read and update internal files and search for and install new skills automatically. Before installing: (1) confirm you are comfortable with the agent reading MEMORY.md, memory logs, and IDENTITY.md (these may contain sensitive data); (2) verify whether the agent is allowed to autonomously install other skills — prefer requiring explicit user approval before any installation; (3) inspect and trust the 'find-skills' skill and any skill sources it will pull from (SkillHub/ClawHub); (4) consider restricting write permission to IDENTITY.md or requiring human review of any changes; and (5) monitor any subsequent installs. If you cannot accept autonomous installs or file writes, either do not enable this skill or modify its instructions to remove the automatic installation steps.

Like a lobster shell, security has layers — review code before you run it.

latest vk97ekq1axk0st3gyk803jkmnyh83az6m
