Supervised Agentic Loop

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed autonomous code-improvement loop with local command execution, persistence, and optional external review/alerting, but the provided artifacts do not show hidden or purpose-mismatched behavior.

This appears coherent for an autonomous local code-evolution tool, not malicious based on the provided artifacts. Before installing, run it in a git-controlled or sandboxed workspace, choose metric commands carefully, review persistent `.state` files, and only enable Telegram or LLM review integrations if you accept their data-sharing implications.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation (Severity: Medium)
What this means

A poorly chosen metric command could modify files, consume resources, or run unsafe local code.

Why it was flagged

The skill intentionally executes a user-supplied local metric command during autonomous iterations. This is central to the stated purpose, but it gives the run authority to execute whatever command the user provides.

Skill content
Metric-Driven — any command that produces a number can be a metric. ... sal run --target train.py --metric "python train.py" --parser val_bpb
Recommendation

Only use trusted metric commands, run in a clean git working tree or sandbox, and start with low iteration/time budgets.

ASI04: Agentic Supply Chain Vulnerabilities (Severity: Low)
What this means

Installing the skill makes the included Python CLI available in the local environment.

Why it was flagged

The install script installs the local package in editable mode. This is disclosed and matches the package purpose, but the registry section says there is no install spec while SKILL.md declares an install step.

Skill content
pip install -e .
Recommendation

Review the repository source before installing and install in a virtual environment if possible.

ASI03: Identity and Privilege Abuse (Severity: Low)
What this means

If enabled, the skill can send messages through the configured Telegram bot to the configured chat.

Why it was flagged

The skill can use a Telegram bot token and chat ID for alerting, but the artifacts describe this as optional and off unless configured.

Skill content
MONITOR_TELEGRAM_BOT_TOKEN: ... Telegram bot API token. If unset, no Telegram calls are made.
Recommendation

Use a dedicated Telegram bot token, limit who can access the chat, and do not enable Telegram alerts unless you want alert contents sent to Telegram.

ASI06: Memory and Context Poisoning (Severity: Medium)
What this means

Incorrect or malicious content in the persistent state could steer future experiment choices.

Why it was flagged

The skill intentionally stores learnings and reuses them in future brainstorming. This is disclosed and purpose-aligned, but persistent agent context can influence later runs.

Skill content
Persistent Learnings — insights from every iteration stored in `.state/learnings/*.md`. Survives across runs.
Recommendation

Inspect or delete `.state/learnings/`, logs, and reputation state between unrelated projects or after suspicious runs.

ASI07: Insecure Inter-Agent Communication (Severity: Low)
What this means

If configured to use a networked LLM tool, session contents may leave the local machine according to that tool's settings.

Why it was flagged

The optional async monitor can send session review work to a user-configured local LLM command, whose own network/data behavior is outside this skill's direct control.

Skill content
MONITOR_LLM_COMMAND runs a LOCAL subprocess (e.g. 'codex'). The subprocess itself may make network calls depending on user configuration.
Recommendation

Only configure `MONITOR_LLM_COMMAND` to a trusted local or provider-backed tool whose privacy behavior you understand.