Loop

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: loop
Version: 1.0.2

The skill is designed for iterative task execution, which inherently involves the agent running commands and interacting with the file system based on user-defined 'Task' and 'Criteria'. While the `SKILL.md` and `memory.md` files include explicit safety declarations (e.g., 'No destructive actions without explicit per-action approval', 'NEVER makes Git commits automatically'), these are instructions for the AI agent, not technical enforcements. The core functionality of executing arbitrary user-defined tasks (as implied by 'Execute' and 'Verify' steps and examples like `npm test`) presents a significant prompt injection vulnerability, allowing a malicious user to potentially trick the agent into executing harmful commands. This is a high-risk capability, even without clear malicious intent from the skill author.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)
ASI10: Rogue Agents
What this means

The agent may continue working through multiple attempts without a new prompt each time, up to the configured limit.

Why it was flagged

The skill intentionally enables autonomous repeated attempts, but it discloses that behavior and sets a hard stopping limit.

Skill content

Runs iterative attempts toward defined success criteria ... NEVER runs indefinitely (max 10 iterations hard limit)

Recommendation

Use it only with clear success criteria, set an appropriate max iteration count, and monitor actions that could affect important files or systems.

What this means

A badly scoped task or unsafe verification command could be repeated across iterations.

Why it was flagged

The loop can lead the agent to repeatedly perform task actions and run verification commands, which is purpose-aligned but can amplify mistakes if the task is scoped poorly.

Skill content

Execute — Attempt the task ... Verify — Check success criteria ... Verify command | Recommended | `npm test`

Recommendation

Provide narrow task instructions, review any command before use, and require explicit approval for destructive or high-impact actions.

What this means

Task details or lessons from prior loops may be reused later, and sensitive information could be stored if included in loop summaries.

Why it was flagged

The skill persists loop state and learnings locally, including optional cross-loop patterns that may influence future iterations.

Skill content

All loop data stored in ~/loop/: active.json ... history/{id}.json ... learnings.md — Cross-loop patterns (optional)

Recommendation

Avoid including secrets or sensitive data in loop logs, and periodically review or delete ~/loop/ if persistence is no longer wanted.