ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QMD Learning Loop

v1.0.1

Capture corrections, errors, feature requests, and recurring best practices in a QMD-native way for markdown-first agent workspaces. Use when a user corrects...

0· 74·0 current·0 all-time
byShaker Gilbert@shakerg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the five reference markdown files all describe and implement the same goal: classify events and route/promote them into workspace docs. There are no unrelated requirements (no env vars, binaries, or external endpoints) that would contradict the stated purpose.
Instruction Scope
Runtime instructions tell the agent to read, classify, and update workspace markdown files (logs, runbooks, decision memos, etc.). That scope is appropriate for a learning-loop skill. The SKILL.md explicitly prefers updating existing docs and keeping chronology separate from durable rules. There is nothing instructing the agent to read unrelated system files, fetch secrets, or transmit data externally.
Install Mechanism
This is an instruction-only skill with no install spec or code files to execute; nothing will be downloaded or written by an installer step. Risk from installation is minimal.
Credentials
No environment variables, credentials, or config paths are requested. The skill operates solely on workspace markdown documents, which is proportionate to its purpose.
Persistence & Privilege
The skill does not request always:true and uses platform defaults (agent-invocable and allowed to invoke autonomously). That is normal for a skill that will edit workspace files. It does not attempt to modify other skills' configs or system-wide settings.
Assessment
This skill is a set of editorial guidelines and templates for capturing and promoting learnings in your markdown workspace. It does not request credentials or install software. The only operational implication is that an agent using this skill will be reading and writing workspace markdown files — so: (1) ensure the agent's file-write permissions are limited to the intended workspace, (2) keep your workspace backed by version control so edits can be reviewed/reverted, (3) review any promoted/created documents for accidental inclusion of secrets or sensitive data, and (4) if you need stricter control, disable autonomous invocation or require manual approval before the agent edits durable docs.

Like a lobster shell, security has layers — review code before you run it.

latestvk9754jwngh1e59b4kcnhb8shms83b9b2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments