Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Eval

v1.0.0

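A closed-loop quantitative evaluation system based on Karpathy's AutoResearch and multi-agent retrospectives, providing automatic yes/no task judgment and continuous optimization and upgrading.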

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description and the SKILL.md content consistently describe a closed-loop agent evaluation system (generate → evaluate → modify → rerun). However, the manifest declares no required config paths or environment variables while the instructions explicitly expect access to many local files (e.g., memory/YYYY-MM-DD.md, memory/evolution/<agent-id>.md, patterns.md, AGENTS.md, HEARTBEAT.md). That mismatch (declared zero file access vs. explicit file I/O in SKILL.md) is an inconsistency.
! Instruction Scope
The runtime instructions direct the agent to read daily agent task logs and many repository files and to write evolution logs, PAT records, and patterns.md. They also say 'send the overall score trend to the boss' without specifying a delivery mechanism. The file reads/writes are within the skill's evaluation purpose, but the instructions are broad and partly vague about how reports are transmitted, giving the agent wide latitude to access and potentially transmit sensitive data.
Install Mechanism
Instruction-only skill with no install steps and no code files; nothing is written to disk by an installer. This is the lowest install risk.
! Credentials
The skill requests no credentials or declared config paths, yet SKILL.md requires reading/writing multiple local files (agent memory and config-like documents). The absence of declared required config paths/permissions underrepresents the actual access the skill needs and prevents applying least-privilege controls.
Persistence & Privilege
always:false (no forced always-on). The skill envisions scheduled daily/weekly evaluation loops and autonomous agent actions. Autonomous invocation combined with file access and vague report-sending instructions increases blast radius if misused; however, autonomous invocation alone is the platform default and not itself flagged as high risk.
What to consider before installing
Before installing, verify and restrict what files this skill may access and how reports are sent: (1) ask the author to declare explicit required config paths and minimal file-permissions (read-only vs write) for memory/YYYY-MM-DD.md, memory/evolution/<agent-id>.md, patterns.md, AGENTS.md, HEARTBEAT.md; (2) confirm the exact delivery mechanism for 'send to boss' (email? internal message?) and ensure it cannot exfiltrate data to arbitrary endpoints; (3) run the skill in an isolated/test environment first and audit everything it writes to disk; (4) remove or redact any sensitive information from agent memory files before use; (5) prefer adding explicit least-privilege controls (scoped service account or directory-level sandboxing) and logging/auditing of all actions; (6) if the author cannot clarify the missing config/permission declarations, treat the mismatch as a red flag and avoid granting broad filesystem access.

Like a lobster shell, security has layers — review code before you run it.
