Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Autopilot
v9.0.1
OpenClaw is the high-autonomy agent mode. It proactively decides, plans, and executes tasks with deep context fusion, including a full sweep of historical me...
by Hendrik Schmitz (@hendr15k)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (high-autonomy 'Autopilot') reasonably justifies reading MEMORY.md and memory/*.md and maintaining an idea queue and worklog. However, the skill also instructs broader actions (e.g., 'scan filesystem', 'read ALL cron jobs') that go beyond typical "context fusion" and are not clearly justified by the description.
Instruction Scope
SKILL.md explicitly directs the agent to perform a "full historical memory sweep" (MEMORY.md, all memory/*.md) and to 'scan filesystem' and 'read ALL cron jobs'. Reading user memory files is consistent with purpose, but 'scan filesystem' and enumerating cron jobs are vague and broad operations that could access unrelated or sensitive data. The instructions also include automatic execution of "strong ideas" (execute immediately) which grants the agent broad discretion without requiring explicit, per-action user consent.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is downloaded or written to disk by an installer. This limits supply-chain risk compared with skills that install binaries or fetch archives.
Credentials
No environment variables, credentials, or config paths are declared/required (good). Despite that, the instructions call for scanning the filesystem, cron jobs, and worklog files — effectively requesting broad local data access even though no explicit env/config access is declared. That mismatch (no declared requirements but broad implicit file access) is worth caution.
Persistence & Privilege
always:false (normal). The skill is user-invocable and allowed to be invoked autonomously by the agent (platform default). The combination of autonomous invocation + the instruction to sweep memory and possibly auto-execute "strong ideas" increases the blast radius compared to a passive helper, so consider runtime safeguards (confirmations, visibility) before granting it active use.
What to consider before installing
This Autopilot skill is plausible for a high-autonomy agent but contains broad, potentially privacy-invasive instructions (full memory sweep, filesystem scan, listing cron jobs, and auto-executing 'strong' ideas). Before enabling it: (1) confirm what filesystem paths and cron data the agent may access and insist on scoping that to known app directories rather than whole filesystem; (2) require explicit, per-action user confirmation for any automatic execution of proposed ideas; (3) restrict or redact highly sensitive memory files (financial, secrets) from the memory corpus or run the skill in a sandboxed environment; (4) ask the skill author to replace vague steps like "scan filesystem" with precise, limited reads, or add explicit consent prompts; (5) enable audit logging or ask for a preview step so the agent shows planned actions before executing. Those mitigations will reduce privacy/exfiltration risk while keeping the skill's intended autonomy.
Like a lobster shell, security has layers — review code before you run it.
