ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Curiosity Engine

v1.0.0

Curiosity-driven reasoning enhancement for OpenClaw agents. Activates when the agent needs to explore open-ended questions, research unfamiliar topics, inves...

0· 534·3 current·4 all-time
by@luofulily1-cmyk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (curiosity-driven reasoning) match the SKILL.md and example usage. Suggested tools (web_search, web_fetch, read, exec) and the included curiosity evaluation script are reasonable support for evaluating and enacting curiosity behaviors.
Instruction Scope
SKILL.md stays on-topic (OODA-C loop, doubt protocols, gap detection). It instructs the agent to use web_search/web_fetch/read/exec to fill gaps and to persist open threads to memory/curiosity-threads.md if the user opts in. 'read' and especially 'exec' are powerful — they can access local files or run commands; the skill does not mandate what to read/exec, so actual risk depends on the agent's tool permissions and how the integrator limits those tools.
Install Mechanism
Instruction-only skill with no install spec and no required binaries. The included Python script is small, local, and understandable; nothing is downloaded or written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested. The skill's behavior doesn't depend on external secrets, which is proportional to its stated goals.
Persistence & Privilege
always:false and normal autonomous invocation are appropriate. The skill suggests optionally storing persistent open threads in memory/curiosity-threads.md — this is reasonable but requires explicit user opt-in; confirm whether your agent runtime allows writing to that memory path and review what is stored.
Assessment
This skill appears to do what it claims: help the agent 'dig deeper' using a structured loop. Before installing, verify two things in your agent environment: (1) which tools the agent can actually call — web_search/web_fetch are standard and expected, but 'read' and especially 'exec' can access local files or run commands; restrict or disable them if you don't want the skill to inspect or execute on your system. (2) Memory opt-in — the skill will store open threads in memory/curiosity-threads.md only if you allow it; decide whether you want persistent curiosity threads. If you lock down tool permissions and opt out of memory, the skill remains useful and low-risk. If you permit unrestricted exec/read and persistent memory, be aware of the higher blast radius and audit what gets stored or executed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e7w8s76t39skstt7dt7z0a981rmra

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments