Openclaw Cortexnet Autopilot
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is explicitly designed to run unattended AI coding tools that can change a GitHub repository and push to a dev branch, so it needs careful review before use.
Install only if you intentionally want an autonomous repo-changing system. Use a dedicated test repository or protected dev branch, a narrowly scoped GitHub token, an isolated runtime environment, one-shot validation first, and a human review/PR gate before allowing unattended pushes.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An AI coding CLI can make unintended or unsafe code changes in the target repository without stopping for confirmation.
The production config runs Codex with workspace write access and approval_policy=never, meaning the coding agent can modify repository files without per-action approval.
"command": "codex exec -s workspace-write -c approval_policy=never ... --skip-git-repo-check ..."
Use this only in an isolated workspace, run `--once` first, restrict enabled CLIs, and add an external human review or PR gate before any push.
If the token is over-scoped or the workspace is exposed, the agent, or anyone who can read the workspace's .env file, could push changes to the repository.
The skill requires a write-capable GitHub token and stores it in a local .env file for the unattended runtime.
- GitHub token with repo write permissions
Notes:
- `--token` writes the token into `/path/to/workdir/.env` as `GITHUB_TOKEN=...`
Use a fine-grained token limited to one repository with only the permissions the loop needs (token permissions cannot be scoped to a branch, so protect the dev branch with branch protection or a ruleset instead), avoid broad classic personal tokens, and remove or rotate the token after testing.
Pointing this at an untrusted repository could run untrusted code on the host during unattended operation.
Fallback reporting can run repository test commands automatically; test suites and Makefiles can execute arbitrary local code from the target repo.
"test_command_candidates": ["python -m pytest -q", "pytest -q", "python -m unittest discover -q", "make test"]
Run only against trusted repositories, preferably inside a container or disposable VM with minimal secrets and filesystem access.
A bad model output, misleading report, or broken test result can be propagated to the shared dev branch and repeated in future rounds.
The runtime can repeatedly push AI-generated changes based on report fields rather than code-level review.
Report-only audit (no code-level inspection) ... commit + push on approved report ... Continuous unattended loop
Require pull requests or branch protection, review diffs before merging, and monitor early runs instead of leaving the loop fully unattended.
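The "external human review or PR gate" recommended for the approval_policy=never finding and the report-driven push finding above can be partly mechanised before a human ever sees the diff. The following is an added example, not code from the Openclaw Cortexnet Autopilot skill: a POSIX sh gate that refuses direct pushes to long-lived branches, refuses changes that touch paths an agent should never write (the `.env` token file, CI workflows, the persisted init state and CLI directories the audit names), and holds oversized changes for review. The protected-branch list, denied-path regex, 400-line limit and the `autopilot/*` branch naming are hypothetical policy choices; the diff it reads is ordinary `git diff` output.

```sh
#!/bin/sh
# push_gate.sh: mechanical pre-push gate for an unattended coding loop.
# Added example, not code from the Openclaw Cortexnet Autopilot skill.
# Hypothetical policy: no direct pushes to long-lived branches, no agent writes
# to secret/CI/state paths, and oversized changes are held for a human.
# Input is a unified diff such as the output of `git diff origin/dev...HEAD`.

PROTECTED_BRANCHES="${PROTECTED_BRANCHES:-main master dev}"
DENY_PATH_REGEX='(^|/)\.env$|^\.github/workflows/|^logs/init_state/|^\.(codex|gemini|claude|open-code)/'
MAX_ADDED_LINES="${MAX_ADDED_LINES:-400}"

# Print the post-image path of every file in the diff, one per line.
changed_files() {
    sed -n 's|^diff --git a/.* b/||p' "$1"
}

# Count added lines, excluding the "+++" file headers.
added_lines() {
    grep -v '^+++ ' "$1" | grep -c '^+' || true
}

# push_gate TARGET_BRANCH DIFF_FILE -> 0 if the push may proceed, 1 otherwise.
# Every violation is printed so the loop's log shows why a round was held.
push_gate() {
    target=$1
    diff_file=$2
    rc=0
    for b in $PROTECTED_BRANCHES; do
        if [ "$target" = "$b" ]; then
            echo "VIOLATION: direct push to protected branch '$target'; push a feature branch and open a PR"
            rc=1
        fi
    done
    denied=$(changed_files "$diff_file" | grep -E "$DENY_PATH_REGEX" || true)
    if [ -n "$denied" ]; then
        echo "VIOLATION: change touches denied path(s):"
        echo "$denied" | sed 's/^/  /'
        rc=1
    fi
    n=$(added_lines "$diff_file")
    if [ "$n" -gt "$MAX_ADDED_LINES" ]; then
        echo "VIOLATION: $n added lines exceed the limit of $MAX_ADDED_LINES; hold for human review"
        rc=1
    fi
    return "$rc"
}

# Example push step for the loop: diff against the integration branch, gate it,
# and push to a fresh autopilot/* branch for a pull request instead of to dev.
gate_then_push() {
    remote=$1
    base=$2
    tmp=$(mktemp)
    git diff "$remote/$base...HEAD" > "$tmp"
    branch="autopilot/$(date +%Y%m%d-%H%M%S)"
    if push_gate "$branch" "$tmp"; then
        git push "$remote" "HEAD:refs/heads/$branch"
        status=$?
    else
        echo "push held for human review" >&2
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}
```

The gate is deliberately dumb: it inspects the diff, not the agent's report, so a misleading "approved" report field cannot get a change past it. Anything it blocks, and anything it lets through, still lands on a pull-request branch where branch protection can require a human approval before merge into dev.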
Once started, it can keep attempting repo changes on its schedule until stopped or paused.
The skill intentionally supports a long-running autonomous loop; this is disclosed, but users should understand it continues operating after startup.
- Supports unattended loop mode and one-shot mode
Unattended loop:
```bash
./start_openclaw.sh
```
Start with one-shot mode, supervise the first several rounds, and run the unattended launcher only when you have clear stop, monitoring, and rollback procedures.
Old CLI state or repository-provided context may influence future optimization rounds.
CLI context and init state are intentionally preserved across rounds, which can carry stale or poisoned context into later autonomous runs.
Init markers are persisted under `logs/init_state/<repo>/` ... Runtime keeps `.codex/` and other configured init directories during workspace clean
Inspect or clear `logs/init_state`, `.codex`, `.gemini`, `.claude`, and `.open-code` when changing projects, policies, or trust boundaries.
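The two pieces of housekeeping the audit asks for before each new project, a narrowly scoped token written to .env (the token finding above) and a clean slate for persisted CLI/init state (the stale-context finding), fit in one preflight script. This is an added example, not code from the skill. It assumes GitHub's published token prefixes (`github_pat_` for fine-grained personal access tokens, `ghp_` for classic ones, `ghs_` for app installation tokens) and the state directories the audit names under the workdir; the function names are hypothetical.

```sh
#!/bin/sh
# preflight.sh: run before pointing the loop at a new project or trust boundary.
# Added example, not code from the Openclaw Cortexnet Autopilot skill.
# Assumes GitHub's token prefixes (github_pat_ = fine-grained PAT, ghp_ = classic
# PAT, ghs_ = app installation token) and the state directories the audit names
# (logs/init_state, .codex, .gemini, .claude, .open-code under the workdir).

# Classify a token by its prefix so broad classic PATs are caught before use.
token_kind() {
    case "$1" in
        github_pat_*) echo fine-grained ;;
        ghp_*)        echo classic ;;
        ghs_*)        echo installation ;;
        *)            echo unknown ;;
    esac
}

# write_env_file WORKDIR TOKEN: write GITHUB_TOKEN=... into WORKDIR/.env with
# mode 0600, refusing anything but a fine-grained token. The file is recreated
# rather than appended to, so rotating the token does not leave the old one behind.
write_env_file() {
    workdir=$1
    token=$2
    kind=$(token_kind "$token")
    if [ "$kind" != fine-grained ]; then
        echo "refusing $kind token; use a fine-grained PAT scoped to one repository" >&2
        return 1
    fi
    rm -f "$workdir/.env"
    ( umask 077 && printf 'GITHUB_TOKEN=%s\n' "$token" > "$workdir/.env" )
}

# Permission string of a file as ls prints it (e.g. -rw-------), portable enough
# to verify the .env mode without GNU stat.
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# reset_agent_state WORKDIR: delete persisted CLI/init state so stale or
# poisoned context is not carried into the next project. Prints the number of
# directories removed; the names go to stderr for the run log.
reset_agent_state() {
    workdir=$1
    removed=0
    for d in logs/init_state .codex .gemini .claude .open-code; do
        if [ -e "$workdir/$d" ]; then
            rm -rf "$workdir/$d"
            echo "removed $workdir/$d" >&2
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Typical order before a one-shot validation run:
#   reset_agent_state /path/to/workdir
#   write_env_file /path/to/workdir "$NEW_TOKEN"
#   test "$(file_mode /path/to/workdir/.env)" = "-rw-------"
```

The prefix check only catches the token type; it cannot tell which repositories a fine-grained token can reach, so confirm the token's repository list in the GitHub settings page before the first unattended round.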
It is harder to verify the origin and maintenance path of a powerful automation skill.
The registry metadata does not provide strong provenance or a formal install specification, although the supplied artifacts do not show hidden downloads or remote install scripts.
Source: unknown
Homepage: none
Install specifications: No install spec — this is an instruction-only skill.
Review the bundled scripts before use and prefer installing from a known, version-controlled source.
