Autonomous Loop

Security checks across malware telemetry and agentic risk

Overview

This skill is openly designed to keep an OpenClaw agent running autonomously, but its looping behavior and startup-script execution need careful review before installation.

Install only if you intentionally want unattended agent operation. Review and trust any project scripts such as init.sh before use, set your own hard limits on runtime or iterations, monitor the first runs closely, and know exactly how to place the stop file or disable the plugin before starting it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill describes behavior that relies on environment-specific state and paths under ~/.openclaw but does not declare corresponding permissions or safety boundaries. This mismatch can cause operators to underestimate what the skill can access or modify, which is especially risky because the skill is designed for unattended operation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly enables continuous autonomous execution without human intervention, yet it does not prominently warn that the agent may keep changing files, running tasks, and affecting system state until manually stopped. In this context, the absence of an explicit warning materially increases the chance of unsafe deployment or prolonged unintended actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow instructs the agent to run init.sh if present, which is an arbitrary project startup script, without any safety warning or trust requirement. In an autonomous loop, this can repeatedly execute unreviewed code across sessions, compounding the risk of malicious or unsafe repository scripts.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The plugin explicitly describes behavior that will automatically send follow-up messages after every agent reply, creating a self-sustaining loop with no visible safety constraints in this manifest. In the context of an agent automation skill, that can enable runaway execution, repeated actions, resource exhaustion, and prolonged operation beyond intended user oversight if paired with unsafe prompts or tools.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
# Autonomous Loop

Keeps an OpenClaw agent working continuously without human intervention. After each reply, the plugin waits N seconds and automatically sends the next task instruction — until you place a stop file.

## Installation
Confidence
94% confidence
Finding
automatically send

VirusTotal

66/66 vendors flagged this skill as clean.
