ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SkillForge — Self-Evolving AI Skills

v1.0.0

Stop repeating yourself. SkillForge watches how you work, discovers your patterns, and forges them into reusable Skills — automatically. The more you use it,...

0· 68·0 current·0 all-time
by@jfranklee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
SkillForge's claimed goal (discover repeated workflows from your logs and generate Skill drafts) aligns with the instructions and reference docs: it explicitly scans daily logs, long-term memory, existing Skills, clusters patterns, scores them, and writes draft SKILL.md files. There are no unrelated credentials or external services requested.
Instruction Scope
The SKILL.md and ALGORITHM.md explicitly instruct the agent to read files under {workspace}/.workbuddy/memory/*.md, {workspace}/.workbuddy/memory/MEMORY.md, and ~/.workbuddy/skills/*/SKILL.md and to use the current conversation summary (cb_summary). It also writes drafts to {workspace}/skillforge-drafts/ and stores patterns/reports under {workspace}/.workbuddy/skillforge/. These file reads/writes are coherent with the stated purpose, but the skill metadata declared no required config paths — the actual runtime instructions reference many paths the agent will access, which is a transparency mismatch you should be aware of.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing new is written to disk by an installer. The risk surface is limited to what the agent is instructed to read/write in your workspace/home directory.
Credentials
No environment variables or external credentials are requested. The only sensitive access is to your workspace/home files (logs, memory, existing Skills). That access is proportionate to the purpose of pattern discovery, but those files can contain secrets or private content — the ability to read them is the primary sensitivity here.
Persistence & Privilege
always is false and the skill states it will not auto-install or delete Skills. It does write drafts and stores patterns/health under the workspace/.workbuddy/skillforge directory. The CONFIG_FULL reference also includes general.auto_scan_enabled: true and auto_scan_rrule defaults — this implies the design supports periodic scans; confirm whether your agent runtime will run those scans automatically and whether you want that behavior.
Assessment
What to check before enabling SkillForge: - Confirm the runtime will only run the described read operations and will not transmit your files to external endpoints; this skill is instruction-only and the files included make no network calls, but the agent running it could be extended to do so. Ask: where does my agent run, and is network access restricted? - Inspect the directories it will read: {workspace}/.workbuddy/memory/, {workspace}/.workbuddy/skillforge/, and ~/.workbuddy/skills/. Remove or redact any secrets or sensitive content from those logs if you don’t want them scanned. - Verify the drafts directory (skillforge-drafts/) is indeed isolated and that generated drafts will require your explicit confirmation before installation (the SKILL.md promises this, but confirm your agent enforces it). - Decide whether you want periodic/automatic scans. The config references auto_scan_enabled: true — if you prefer manual scans only, make sure to disable auto-scan in the config or agent settings. - Monitor newly created files (drafts, patterns, skill-health.json) after the first run so you can confirm behavior matches documentation. If you want higher assurance, request a code-based implementation (not instruction-only) or run the skill in a restricted/testing workspace first. If you are uncomfortable with the agent reading your workspace or home skills, do not enable it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97212x56sk4etanv8j0crfwrh83q2e3metavk97212x56sk4etanv8j0crfwrh83q2e3productivityvk97212x56sk4etanv8j0crfwrh83q2e3self-evolvingvk97212x56sk4etanv8j0crfwrh83q2e3workflowvk97212x56sk4etanv8j0crfwrh83q2e3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments