TrustLoop Plugin
Security checks across malware telemetry and agentic risk
Overview
This skill is not obviously malicious, but it can persistently create or modify OpenClaw skills and can auto-publish low-risk changes in autonomous mode, so it deserves careful review before use.
Use this only in workspaces where you want OpenClaw to learn and manage new skills. Leave it in manual mode unless you are comfortable with automatic low-risk skill publishing, review candidates before approval, and inspect .skill-evolver state if the workspace contains sensitive workflows.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If autonomous mode is enabled, a bad low-risk classification or poisoned workflow could become a persistent skill and influence later tasks.
The skill intentionally allows automatic publishing of generated or patched skills in autonomous mode, which can change future agent behavior without per-change human approval.
`autonomous`
- auto-publish low-risk `patch_skill` updates to the managed skill directly
- auto-publish low-risk `create_skill` candidates as `learned-*-canary`
Keep the skill in manual or assisted mode for sensitive workspaces, review candidate diffs before publishing, and use rollback if an unwanted managed skill is published.
Workflow summaries or instructions derived from prior context can persist and be reused later; if sensitive details or prompt-injection content enter a candidate, they may influence future behavior.
The skill learns from visible workspace/task history and stores candidates, audits, and configuration persistently in the workspace.
The same request pattern appeared at least twice in the current workspace history you can see ... All runtime state lives in `./.skill-evolver/candidates/`, `./.skill-evolver/backups/`, `./.skill-evolver/audit/`, `./.skill-evolver/registry.json`, `./.skill-evolver/config.json`
Review .skill-evolver candidates and audit files, avoid approving skills that contain secrets or untrusted instructions, and periodically clean unwanted learned state.
Installing the skill runs local plugin code and depends on package resolution for its dependency.
The package loads a local OpenClaw extension and uses a semver-ranged dependency. This is expected for the plugin-backed tool, but users should treat it as executable plugin code with supply-chain exposure.
"openclaw": { "extensions": [ "./index.js" ] }, "dependencies": { "@sinclair/typebox": "^0.34.8" }
Install from a trusted source, review the full plugin source, and prefer pinned or locked dependencies for production use.
