ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Loop

v1.0.2

Run iterative agent loops until success criteria are met. Controlled autonomous iteration.

2· 1.3k·8 current·8 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (iterative agent loops) matches the instructions: no external services, no extra binaries or credentials, and the only side effect is creating ~/loop for logs. Nothing requested appears unrelated to the stated purpose.
Instruction Scope
SKILL.md provides a clear loop pattern and limits (max 10 iterations, logging rules, per-action approval for destructive steps). However, the 'Execute' step is necessarily open-ended (the agent will attempt user-defined tasks and run verify commands like `npm test`), so the agent may run arbitrary commands the user approves; this is expected but broad in scope and worth user attention.
Install Mechanism
Instruction-only skill with no install step and no code files — lowest risk from installation. It only instructs creating a directory under the user's home.
Credentials
No required environment variables, credentials, or config paths are declared. The skill may run verify/execute commands that implicitly use the environment, but it does not request elevated access or unrelated secrets.
Persistence & Privilege
The skill persists data locally to ~/loop/ (active.json, history/{id}.json, learnings.md). It is not always-enabled and does not modify other skills or system-wide settings. Users should be aware logs may contain sensitive outputs from attempted commands and will remain on disk unless removed.
Assessment
This skill appears to do what it says: run controlled iterative attempts and log results under ~/loop/. Before using it, consider: 1) logs will be written to your home directory — inspect ~/loop/ and delete anything sensitive if needed; 2) the agent will run commands you approve (e.g., tests, build steps) so avoid approving commands that read or exfiltrate secrets or perform deployments; 3) if you prefer not to persist history locally, run in an isolated environment, change the storage path, or periodically clean ~/loop/; and 4) the skill claims it will not make commits or deploy, but do not approve any automated git commit or deploy commands unless you explicitly want them. If you want a tighter audit, ask the skill to print each planned command for review before execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk9702cckkdygmgt4e92337ghw9818ckc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSLinux · macOS · Windows

Comments