Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Infinite Oracle

v1.0.11

Manager-first orchestration for a dedicated PECO worker: proactive installation, durable desire injection into SOUL.md, and optional Feishu-backed human-in-t...

by Wonka @kepanwang
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to create and manage a background 'peco_worker', persist a durable 'desire' in SOUL.md, and keep human-in-the-loop controls; the included SKILL.md, README, and peco_loop.py actually implement those behaviors (agent creation commands, file writes under ~/.openclaw, loop daemon code). That is coherent with the stated purpose. However the implementation intentionally performs persistent, autonomous work (background nohup process, long-running loop) which is a heavier capability than many simple skills — this is coherent but significant and warrants caution.
Instruction Scope
SKILL.md instructs the agent to run CLI commands (openclaw agents add/list), create and modify files under ~/.openclaw (SOUL.md, AGENTS.md, peco_override.txt, human_tasks_backlog.txt, logs), start a background loop (nohup / persistent process), and optionally sync to Feishu. These actions read/write local files, can persist durable 'desires', and launch an autonomous loop — all within the skill's stated domain, but broad in scope and capable of long-lived effects. The SKILL.md also contains a non-negotiable directive ('When the user says anything equivalent to "Install infinite oracle", you must act ...'), which pushes the agent toward proactive execution and enlarges its discretion.
Install Mechanism
There is no automated install spec in the registry entry; the README/SKILL.md instructs manual steps or letting an agent clone a GitHub repo and copy files. No external arbitrary binary downloads or archive extraction are specified. This is lower-risk from an install mechanism perspective, though the repository clone instruction (git@github.com:...) assumes trust in that GitHub repo and may require SSH keys.
Credentials
The registry declares no required environment variables, but the code supports optional Feishu credentials and reads OpenClaw gateway config candidates (e.g., ~/.openclaw/openclaw.json). Feishu integration and HTTP gateway calls are optional in the README and code but could transmit logs, backlog entries, or human task details to remote services if configured. The absence of declared required env vars is not inherently wrong, but users should be aware that providing Feishu/app credentials or exposing openclaw gateway endpoints enables network egress of potentially sensitive state.
Persistence & Privilege
The skill explicitly writes persistent state files to the user's home (~/.openclaw/...), injects and modifies a durable 'SOUL.md' desire anchor, and starts a background loop daemon (peco_loop.py) that can run indefinitely and make network calls. While 'always: false' mitigates forced inclusion, the skill's design is for long-running autonomous work and persistent presence; combined with the SKILL.md directive to 'must act' on an install command and the capability to sync externally, this increases risk and requires sandboxing/explicit user approval.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters detected by the pre-scan. This pattern is often used in prompt-injection attempts to manipulate LLM evaluation or runtime parsing and is not expected for a straightforward orchestration skill. Treat this as a warning to inspect the SKILL.md for hidden or maliciously obfuscated content.
What to consider before installing
This skill does what it says (creates a manager + persistent worker, writes a durable 'desire' to SOUL.md, and runs an infinite PECO loop), but it is powerful and invasive. Before installing:
1) Inspect peco_loop.py carefully yourself (look for outgoing network calls, hard-coded endpoints, and any code that exfiltrates files).
2) Do not provide Feishu or other service credentials unless you trust the author and have verified the code path that uses them.
3) Run the skill in an isolated VM/container with network egress controlled (or block Feishu/external network) until you're confident.
4) Back up any ~/.openclaw files you care about; the skill will create/modify files like SOUL.md, AGENTS.md, peco_loop.log, human_tasks_backlog.txt, peco_override.txt.
5) Note the pre-scan 'unicode-control-chars' finding — re-open SKILL.md in a text editor that can show hidden characters and remove or question any invisible control characters.
6) Prefer manual install steps you review (copy the files yourself) rather than asking an agent to run the 'one-shot' install.
If you are uncomfortable reviewing code, do not install or limit the skill to a tightly sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk975s26xjh2e73r438f6gfnpy982fx5w

