Openclaw Cortexnet Autopilot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is transparent about running an autonomous AI coding loop, but it can keep changing and pushing code to a GitHub repo using a write token without human review.
Install only if you intentionally want autonomous repo-writing automation. Test with --once first, use a non-production branch or PR workflow, protect the GitHub token, enable only approved CLIs, and do not leave the unattended loop running until you have reviewed its first outputs and commit behavior.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
AI coding tools can modify the repository without stopping for a human to approve each change.
The production configuration invokes coding CLIs with repository write access and disabled or automatic approval behavior, allowing autonomous code changes without per-action confirmation.
"command": "codex exec -s workspace-write -c approval_policy=never ...", ... "command": "gemini -y -o stream-json -p \"$(cat {prompt_path})\""Run only in a disposable workspace or protected development branch, prefer PR-based review before merge, and change CLI settings to require human approval where possible.
A faulty automated round could overwrite local workspace state or push broken or unwanted code to the dev branch.
The unattended loop can repeatedly reset the workspace and push AI-generated changes to a shared branch based on report-only gates, so a bad prompt, tool failure, or misleading report can propagate to the repository.
Before every CLI attempt, runtime fetches and resets to remote latest `origin/dev` ... Audit policy: report-only ... Git policy: commit/push only to `dev`.
Use branch protection, require pull requests, inspect diffs after --once runs, and monitor early rounds before enabling unattended operation.
Anyone or any process that can read the workdir .env may be able to use the token to write to the GitHub repository.
The GitHub write token is expected for automatic pushes, but it is powerful and is stored in a local environment file used by the runtime.
- GitHub token with repo write permissions ... `--token` writes token into `/path/to/workdir/.env` as `GITHUB_TOKEN=...`
Use a fine-grained token limited to the intended repository and branch where possible, protect the .env file, and rotate the token after testing.
After launch, the automation may continue making new attempts and pushing approved rounds without further prompts.
The launcher starts the autopilot in continuous mode rather than a one-shot run; this is disclosed and purpose-aligned, but it keeps operating until stopped or paused.
exec python3 openclaw_autopilot.py --config openclaw_config.json >> logs/runner.stdout.log 2>&1
Start with --once, supervise initial rounds, and use process management controls so the loop can be stopped reliably.
Private source code or task details may be exposed to the configured coding CLI providers during automated runs.
The skill delegates repository work to multiple external coding CLIs; depending on those tools' configurations, repository content and prompts may be processed by different provider accounts.
Orchestrates multiple coding CLIs with failover: `Codex CLI -> Gemini CLI -> Open Code CLI -> Claude Code CLI`
Enable only approved CLIs, confirm provider data-handling policies, and avoid running on repositories containing secrets or data that should not be sent to those services.