Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Genome Encoding
v1.0.0Encode your agent's personality into a diploid genome with 27 cognitive primitives, compare against 216 AI agent personalities, simulate breeding, and explor...
⭐ 0· 108·0 current·0 all-time
byAhmed Mahmoud@mohmhm1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (encoding/comparing agent genomes) matches the SKILL.md actions, but the runtime depends on external scripts (encoder.py, visualize.py, agent_report.py) and a genome library that are not present in the package. That mismatch means the skill as published cannot perform its claimed work without additional, undeclared code or data.
Instruction Scope
SKILL.md tells the agent to run local Python scripts and to read files like SOUL.md and library/genomes/<slug>.dna.json. It also notes that encoding requires a Claude API call (or a --mock flag). The instructions therefore include reading arbitrary files from the working directory and performing a network/API call, but provide no local scripts or clear guidance on where credentials should come from.
Install Mechanism
There is no install spec (instruction-only skill) and the only included files are static HTML and the SKILL.md. That is low risk from an install perspective because nothing is being downloaded or extracted automatically. However, the missing runtime scripts mean the skill currently has an incomplete footprint.
Credentials
SKILL.md explicitly says encoding requires a Claude API call, yet requires.env lists no credential and the package does not declare a primary credential. A networked API call typically needs an API key or token; the skill fails to declare or justify how that credential will be provided, which is a proportionality and transparency issue.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide settings, and does not attempt to persist configuration for other skills. No elevated persistence or privilege requests are present in the metadata.
What to consider before installing
Do not run this skill as-is. Before installing or running: (1) Ask the publisher to provide the missing runtime files (encoder.py, visualize.py, agent_report.py) and the library/genome_library.json referenced by SKILL.md, and verify their contents — especially looking for unexpected network calls, credential exfiltration, or arbitrary system access. (2) Ask the author to declare any required API credentials (e.g., Claude key) and explain where/how those should be set (environment variable name, config file), or prefer using the documented --mock mode to avoid API calls. (3) If you must test, run only in an isolated sandbox/container with limited filesystem access and no sensitive credentials, and review the scripts line-by-line for network requests and file access. (4) Prefer ephemeral credentials and least-privilege tokens if an API key is required. (5) If the author cannot provide the missing code or a clear explanation for the API credential handling, treat the package as incomplete/untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk973s78ny4h12j5txg5sekgkeh83dsa0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.