Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Metacognition
v1.0.0
Self-reflection engine for AI agents. Extracts patterns from session transcripts into a weighted graph with Hebbian learning and time decay. Compiles a token...
⭐ 1 · 34 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description (a metacognition engine) matches the provided code: it stores categorized insights, applies decay, builds a graph, and compiles a lens. However, the code depends on an external 'curl' binary (via subprocess) to call an embeddings endpoint even though required binaries list only python3; requiring curl was not declared.
Instruction Scope
SKILL.md and README explicitly state 'no curl/subprocess' and 'local-only embeddings validated at startup', but metacognition.py uses subprocess.run to call curl for the embeddings endpoint and does not contain code that validates EMBEDDINGS_URL to localhost-only. This is a direct contradiction: runtime instructions promise no subprocess and local-only network, but the script performs network calls via curl and will honour whatever EMBEDDINGS_URL is set to (including remote URLs) unless the environment is constrained.
Install Mechanism
There is no install spec (instruction-only plus a code file), which keeps disk/write risk low. Still, the script executes an external binary (curl) if present — the skill package did not declare curl as a required binary, so the runtime will silently rely on an unlisted dependency. No archive downloads or remote installers are present.
Credentials
The registry lists no required env vars, but the script reads EMBEDDINGS_URL from the environment and will attempt network calls to it. SKILL.md/README claim the embeddings endpoint is optional and validated to localhost, but the code does not implement that validation. If EMBEDDINGS_URL is set to a remote server, the script will send text (potentially session content) to that endpoint — an environment variable can thus enable exfiltration. The skill does write to declared local paths (memory/ and scripts/).
Persistence & Privilege
The 'always' flag is false and the skill is user-invocable; it writes only to workspace-relative paths (memory/metacognition.json and scripts/metacognition-lens.md) advertised in SKILL.md. It does not request system-wide privileges or modify other skills' configs.
What to consider before installing
This skill appears to implement the claimed metacognition functionality, but the code contradicts its own security statements: metacognition.py calls 'curl' via subprocess to reach the embeddings endpoint and does not validate EMBEDDINGS_URL to localhost. That means if EMBEDDINGS_URL is set to a remote server, the skill could transmit text (including session content) to that server. Before installing, either:
1) inspect metacognition.py and remove/replace subprocess+curl with a validated local-only HTTP client (e.g., Python urllib with an allowlist of 127.0.0.1/::1),
2) ensure the runtime environment cannot reach remote addresses (network sandboxing), or
3) set EMBEDDINGS_URL to a trusted localhost endpoint and verify the script enforces localhost-only.
Also consider adding 'curl' to required-binaries or removing the curl usage and re-running an audit. If you cannot audit or sandbox the skill, treat it as potentially able to exfiltrate data and avoid giving it access to sensitive transcripts.
Version: latest · vk9739ytv17z15c6f0dcyyhr17583ysad
Runtime requirements
Bins: python3
