IM Framework Team
v1.0.0Forrest's Team — Immanent Metaphysics agent framework and onboarding. Use when: (1) reasoning from the IM framework (axioms, modalities, ICT, effective choic...
⭐ 0· 441·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is an onboarding/framework guide for agents grounded in the Immanent Metaphysics. The files (ontology, templates, setup guide, attribution guide, ethics) and the runtime instructions align with that purpose. There are no requested unrelated credentials or binaries declared by the skill itself.
Instruction Scope
The SKILL.md and supporting files instruct the operator and agent to read workspace files (SOUL.md, MEMORY.md, TOOLS.md, etc.) and to load reference materials as needed. It also states 'All files are read at the start of every conversation' in some setup text—this is expected for an agent framework but increases the surface area for accidentally exposing private data if the workspace contains secrets. The instructions do not direct the agent to read system-wide config or unrelated files.
Install Mechanism
This is an instruction-only skill with no install spec or code to download or execute. Risk is low from the skill itself. The guide references installing OpenClaw and optional plugins (openclaw, clawhub, @openclaw/bluebubbles) which are normal for onboarding but should be fetched from their official sources.
Credentials
The skill does not declare required env vars, but the setup guide instructs users to provide an Anthropic API key and a Telegram bot token during OpenClaw onboarding. That is proportionate to the described purpose (running a conversational agent). The guide warns about storing the key in ~/.openclaw and suggests 1Password CLI as a better option — users should prefer secret managers and avoid plaintext storage.
Persistence & Privilege
The onboarding guide recommends installing the OpenClaw gateway as a system service for automatic start and binding channels (Telegram, iMessage). That is consistent with running a persistent agent but has system-level persistence implications (a background service with access to the agent's keys and workspace). The skill itself does not force persistence (always: false).
Assessment
This skill is an onboarding and reference pack for a team framework and appears internally consistent. Before installing or following the setup: (1) verify you obtain OpenClaw and any plugins from their official project pages (npm, GitHub, or vendor docs) rather than third-party mirrors; (2) prefer a secrets manager (1Password CLI, OS keyring) instead of allowing the wizard to store API keys in plaintext under ~/.openclaw; (3) review workspace files (MEMORY.md, SOUL.md, TOOLS.md) for any private data before the agent is allowed to auto-load them—keep MEMORY.md minimal; (4) be aware that installing the gateway as a system service creates a persistent background process that will have access to the agent workspace and credentials, and audit its permissions and logs; (5) treat Telegram bot tokens like any credential—if you give a bot token, the bot can receive messages for that account; rotate/revoke tokens if you experiment. If you want a narrower security review, provide the exact OpenClaw binary source/links or the plugin package names so those can be checked for provenance and supply-chain risk.Like a lobster shell, security has layers — review code before you run it.
latestvk977dyrg3hgjrtbmyr4myjwpzs81n1jd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.