ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mentor

v2.3.0

Self-improving orchestration and evaluation engine for long-running multi-skill workflows. Analyzes journals, evaluates variants, and proposes skill improvem...

0· 154·0 current·0 all-time
byIndigo Karasu@indigokarasu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be an orchestration/evaluation engine that reads journals and proposes improvements — that aligns with most instructions and the declared filesystem read of journals. However, the included workflow plans (e.g., contact-enrichment) call out first-party Gmail scanning and require a GOG account variable ($GOG_ACCOUNT) and invocation of a 'gog' tool/skill, yet the skill declares no required environment variables or required binaries. Also SKILL.md and README reference writing ExperimentRequest files to Fellow intake, but skill.json's write list omits the ocas-fellow intake path. These mismatches mean the skill's declared requirements do not fully reflect what it will attempt to do at runtime.
!
Instruction Scope
SKILL.md instructs Mentor to recursively read all skills' journals at ~/openclaw/journals/ (expected for evaluation). It also documents plans that will scan the user's entire Gmail history (first-party signals) and write facts into a personal graph (Weave). Those behaviors are sensitive but consistent with the 'contact-enrichment' plan. The concern is that the instructions reference environment variables, other skills, and filesystem write targets not fully declared in skill metadata (e.g., Fellow intake path), and the plan explicitly says 'Review ALL returned messages' — a high-privilege action that should be highlighted to users before enabling automated heartbeats or cron runs.
Install Mechanism
This is an instruction-only skill with no install spec in the registry (the SKILL.md contains a suggested one-line openclaw installer). No packages or external archives are automatically downloaded by the registry metadata — lowest install risk. Risk arises from runtime behavior (invoking other skills/tools) rather than install-time payloads.
!
Credentials
The skill declares no required environment variables or primary credential, but plan steps and runtime commands reference $GOG_ACCOUNT (for Gmail via 'gog'), and runtime expects other skills (weave, fellow, forge) to be available and authorized. Requesting no env creds in metadata while expecting sensitive credentials at runtime is inconsistent and could cause silent failures or unexpected prompts. The skill will perform sensitive operations (read Gmail, write to Weave) that require credentials; those should be explicitly declared and justified in the metadata.
Persistence & Privilege
always:false (good). The skill is allowed autonomous invocation (disable-model-invocation:false) — normal for skills. The skill.json lists explicit filesystem read/write paths that grant access to cross-skill journals and to the Forge intake directory; reading all journals is powerful but coherent with Mentor's role. There is a minor mismatch: SKILL.md describes writing to Fellow intake (~/openclaw/data/ocas-fellow/intake/) but skill.json's write list does not include that path — a permissions/manifest inconsistency to resolve before enabling automated heartbeats or cron jobs.
What to consider before installing
What to consider before installing: - This skill is an orchestration/evaluation engine and is designed to read all skill journals (~/openclaw/journals/) and to write proposals/decisions to the Forge intake. That behavior matches its purpose, but it also includes bundled workflow plans (notably 'contact-enrichment') that will scan your Gmail history and write facts into your Weave graph — a high-privacy operation. Only enable those plans if you understand and trust the intended data flows. - Metadata inconsistencies to resolve first: - The SKILL.md and plans reference a Gmail account env var ($GOG_ACCOUNT) and a 'gog' command; the skill metadata declares no required env vars or required binaries. Ask the author to declare required credentials (GOG account, Weave credentials, etc.) in the skill manifest so you can review/limit them. - SKILL.md says it writes ExperimentRequest files to ~/openclaw/data/ocas-fellow/intake/, but skill.json does not list that write path. Confirm filesystem permissions and update the manifest to reflect all write targets. - Operational precautions: - Disable automated heartbeats/cron (or run them in an isolated session) until you audit the plans and confirm credential/permission mappings. - Review bundled plans (contact-enrichment) and either remove or modify steps that access first-party signals if you do not want automated full-Gmail scans. - If you install, consider restricting the skill's filesystem permissions (if the platform allows) or ensuring the GOG credential provided is scoped/minimal and that Weave writes are acceptable. - If you need higher assurance, ask the publisher for an explicit list of required environment variables and exact filesystem paths the skill will read/write, and for a manifest update before enabling autonomous runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk9743pc7v3rhh4m5kbbpk3cerh83shh0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments