Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Autonomous Cascade
v1.0.0Führt mehrstufige Tasks autonom durch Planen, Ausführen und Bewerten in Schleifen, bis Ziel erreicht oder Budget erschöpft ist.
⭐ 0· 44·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description claim an autonomous multi-round planner, and the SKILL.md implements that loop (PLAN → ROUNDS with THINK/ACT/EVALUATE). The requested capabilities (running system/network/process checks and optionally writing to filesystem or network) are consistent with diagnostic/automation tasks. Minor note: the skill declares no required binaries or credentials even though examples call platform tools (netstat, taskkill, Start gateway.cmd) — that's plausible for an instruction-only skill but should be documented so deployers know what host tools must be available.
Instruction Scope
The instructions explicitly direct the agent to run system-changing commands (e.g., taskkill, Start *.cmd) and to allow write_fs/networked risk levels. That can be appropriate for automation/diagnostics, but the SKILL.md gives wide discretion about what 'ACT' can run and when to change system state. It also contains an incoherent 'Octopaminergic Override' section that mixes unrelated signals (e.g., 'USDT < $5' as a system-stress indicator, reference to EPERM and 'Loop dead'). Those elements are unclear and could lead to unpredictable or unintended actions if the agent uses them as triggers.
Install Mechanism
No install spec and no code files (instruction-only). This lowers supply-chain risk because nothing is downloaded or written by an installer. Behavior is entirely driven by runtime instructions.
Credentials
The skill does not request credentials, environment variables, or config paths. That is proportionate to an instruction-only planner. Note: the SKILL.md references external signals (e.g., a USDT price check) but provides no guidance about how to obtain that data or what credentials/APIs to use; if the implementation attempts to call external services, those calls and any required keys should be explicitly declared.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistent privileges. Autonomous invocation is allowed (platform default) — combined with the skill's ability to run system commands, this increases blast radius but is an expected property of autonomous skills.
What to consider before installing
This skill implements a powerful autonomous loop that may run local commands and change system state (kill processes, start scripts, write files, use network). Before installing: 1) Confirm which host tools and commands the skill is allowed to run and restrict or whitelist them. 2) Ask the author to remove or explain the 'Octopaminergic Override' (references to USDT < $5 and EPERM are unclear and could cause surprising behavior). 3) Require explicit user approval for any write_fs or network actions, or run the skill in a sandboxed/test environment first. 4) Log all ACT steps and make a dry-run mode available so you can review planned actions before they execute. If the author cannot clarify the external triggers and safeguards, treat the skill as high-risk and avoid granting it access to production systems.Like a lobster shell, security has layers — review code before you run it.
latestvk972dm0kbhyza5hsx1zx9febc584bhry
License
MIT-0
Free to use, modify, and redistribute. No attribution required.