Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
autoagent
v0.8.9
Automatically improve agent guidance through iterative testing and scoring. Use when you want to optimize prompts, AGENTS.md entries, or skill definitions us...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (automated iterative improvement of agent guidance) aligns with the requested capabilities: creating a sandbox, running iterations, scoring, and using subagents. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md and iteration/setup prompts explicitly instruct the agent to: create an arbitrary sandbox path (including absolute paths), copy guidance and any referenced scripts into the sandbox, locate and read referenced scripts/tools (read code/binaries), and run subagents to execute tests. Those steps are required for the feature but give the skill the ability to read arbitrary files (if the user supplies or points to them) and to execute user-supplied scripts via subagents. The instructions do not include safeguards or limits (e.g., restrict sandbox to workspace, warn about sensitive paths), so a mistaken or maliciously chosen sandbox path could expose sensitive files.
Install Mechanism
Instruction-only skill with no install spec and no code files to write on install; this is low-risk from an install-mechanism perspective.
Credentials
No environment variables, credentials, or config paths are requested. The skill asks the user to specify script/tool paths if used — that explains file access but relies on user-supplied paths rather than requesting unrelated secrets.
Persistence & Privilege
The skill sets up a persistent cron job (default every 5 minutes) and spawns subagents autonomously on that schedule. It does not set always:true, but the cron will cause regular autonomous activity until paused. This persistence is consistent with the skill's purpose but increases blast radius if the sandbox or referenced scripts are pointed at sensitive locations or contain dangerous operations.
What to consider before installing
This skill appears to do what it says, but review and control what directories and scripts you point it at before starting. Recommended precautions:
- Never set the sandbox path to system or home directories (e.g., /home, /root, /etc, ~/.ssh). Use a dedicated workspace folder.
- If asked to reference scripts/tools, only provide copies you control and have inspected; don't let it locate or read arbitrary system binaries unless you explicitly want that.
- Verify the cron job and its schedule after setup and be prepared to stop/pause it if it runs unexpected work. Consider a longer interval while testing.
- Inspect sandbox contents (guidance-under-test.md, current-guidance.md, scripts/) before allowing iterations to run automatically.
If you want to be extra cautious, run one iteration manually and confirm behavior before enabling periodic runs.
Like a lobster shell, security has layers — review code before you run it.
latestvk976za89t3pjhv2ek6x4cjpe9582v7w5
