Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Autoresearch Skill Optimizer
v2.0.0Auto-improve any OpenClaw skill using Karpathy's autoresearch loop. Runs skill repeatedly against test inputs, scores against a yes/no checklist, makes one t...
⭐ 0· 99·0 current·0 all-time
byNeal Meyer@ngmeyer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the instructions: it is an instruction-only optimizer that runs iterative tests and edits SKILL.md. Producing optimized SKILL-optimized.md and changelogs is coherent with the purpose. However, the workflow explicitly writes edits into skills/{skill-name}/ (modifying other skill files), which is powerful but not clearly restricted to a copy or sandbox — this capability is proportionate only if the agent is intended to edit target-skill files and the user expects that.
Instruction Scope
SKILL.md tells the agent to: (a) infer test inputs from the skill's docs or from "recent real invocations from memory/session history", and (b) make targeted edits to the target SKILL.md and keep/revert them. Asking the agent to access session/memory history and to programmatically modify other skills' files is broad and not explicitly constrained (no explicit 'dry-run' or explicit user-approval step is enforced). These instructions give the agent wide discretion to collect contextual data and to change other skills, which is scope creep from a simple auditor unless the user explicitly consents.
Install Mechanism
No install spec and no code files — instruction-only — so there is nothing downloaded or written at install time. This minimizes supply-chain risk.
Credentials
The skill declares no environment variables or external credentials, but the runtime instructions rely on accessing session/memory history and reading other skills' docs and example prompts. Those are not declared as required sources and could include sensitive information. Also, the instructions assume the ability to write files into a skills/ directory; filesystem access is implied but not documented or constrained.
Persistence & Privilege
always:false (good), but the skill's autonomous-invocation setting is default (allowed). Combined with instructions that modify other skills' files and infer inputs from session history, autonomous runs could repeatedly alter or leak content. There is no explicit in-flow mandatory user confirmation checkpoint for edits (the doc says 'apply if approved' but does not define how approval is requested or enforced).
What to consider before installing
This skill can be useful for automating improvement of skills, but it has two practical risks: (1) it tells the agent to pull test inputs from session history/memory and other skills' recent invocations — that can expose private data; (2) it instructs the agent to edit other skills' files (skills/{skill-name}/SKILL-optimized.md and to modify SKILL.md), and the approval mechanism is vague. Before installing/running: (a) require explicit, interactive approval before any edits and prefer a dry-run mode that only produces changelog proposals, not direct edits; (b) run it first against a copy/sandbox of the target skill, not the canonical skill files; (c) provide explicit test inputs yourself instead of allowing the agent to infer from session history; (d) review produced SKILL-optimized.md and optimization-changelog.md manually before accepting changes; (e) avoid running autonomously on sensitive skills or where session history may contain private data. If the publisher can provide a sandboxed workflow or an explicit confirmation/approval hook, that would materially reduce the risk.Like a lobster shell, security has layers — review code before you run it.
latestvk972nandqa77g8mthzrqrs8q0x835sj1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.