Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Auto Training Skill
v0.1.0
Autonomous QA evaluation loop — runs domain-specific tasks against yourself, scores responses with an LLM judge, installs missing skills, and logs knowledge...
by Wade Deng (@no7dw)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The description (autonomous QA loop that judges responses, installs missing skills, and logs results) matches what the SKILL.md tells the agent to do. However, the package metadata declares no required binaries or env vars, while the instructions require an OpenRouter API key and the 'clawhub' CLI for installing skills. The missing explicit dependency declarations are a coherence gap.
Instruction Scope
The instructions tell the agent to: read IDENTITY.md/SOUL.md, search memory files (memory/qa-eval-*.md), read config files (~/.config/openclaw/env and <WORKSPACE>/.env.local) to find OPENROUTER_API_KEY, call an external LLM judge, write logs to memory/, and run 'clawhub install <skillSuggestion>' to fetch and enable new skills. That is a broad scope that reads local config and secrets, contacts an external API, and installs arbitrary third-party skills — all of which go beyond a simple evaluator and are not limited/guarded in the instructions.
Install Mechanism
There is no install spec in the registry metadata, yet the runtime flow relies on the 'clawhub' CLI to install additional skills at runtime. That CLI will likely download/execute code for arbitrary skill IDs returned by the judge. Because the skill can autonomously trigger installs, this is a high-risk install mechanism despite the skill itself being instruction-only.
Credentials
The SKILL.md requires OPENROUTER_API_KEY (and optionally OPENROUTER_BASE_URL and model settings) but the skill metadata lists no required env vars. The instructions also tell the agent to read ~/.config/openclaw/env and <WORKSPACE>/.env.local to find the key, which could expose other unrelated secrets in those files. Requesting an external-API key and searching local env files is disproportionate relative to what was declared in the registry.
Persistence & Privilege
The skill is not flagged 'always:true', but it instructs the agent to autonomously install and re-read other skills and to append to persistent memory files (memory/qa-eval-*.md). Autonomous installation of other skills plus writing to memory increases long-term privilege/persistence and can expand the agent's capabilities without human oversight. The skill also explicitly instructs the agent not to ask humans to run commands, implying silent autonomous operations.
Scan Findings in Context
[regex-scan-none] expected: No regex-based code findings because this is an instruction-only skill (no code files). Absence of findings does not imply safety—most risk here comes from the runtime instructions that call external APIs and install skills.
What to consider before installing
Key points to consider before installing or enabling this skill:
- The SKILL.md requires an OpenRouter API key and will try to read it from ~/.config/openclaw/env or <WORKSPACE>/.env.local, exposing the possibility of reading other secrets in those files. The registry metadata did not declare these env requirements—treat that mismatch as a red flag.
- At runtime the agent will call an external judge (OpenRouter) and, if the judge suggests a skill, run 'clawhub install <skillSuggestion>' autonomously. That can download and enable arbitrary third-party skills without further human confirmation. Only enable this if you fully trust the clawhub install source and policy.
- If you want to proceed, consider mitigations: provide a scoped/ephemeral OpenRouter key, ensure the clawhub CLI is from a trusted origin, require manual approval before any 'clawhub install' runs (or disable autonomous installs), restrict the agent's file access to a sandboxed workspace, and review any skill IDs proposed before installation.
- If you are not comfortable with the agent autonomously installing code or reading local env files for secrets, do NOT enable this skill, or require manual human approval for installs. If you need more assurance, ask the skill publisher for an explicit dependency list and for the skill to declare required env vars and binaries in the registry metadata.
latest · vk978nkhexzf7kkpf1tm09fyses83b7nz
