卡帕西研究系统
v1.0.0每日研究AI大神Andrej Karpathy的所有作品,进行三次灵魂拷问(深度学习?掌握精髓?有无遗漏?),并将成果转化为马斯克技能。研究对象包括llm.c、nanoGPT、micrograd等核心项目,以及CS231n、YouTube教育内容。
⭐ 0· 54·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description describe daily research of Karpathy projects and transforming insights into teaching/skills. Declared requirements are minimal (no env vars, no binaries) which aligns with a lightweight research skill. Minor oddity: the bundled Python file hard-codes WORKSPACE = Path("C:/Users/USER/.qclaw/workspace/evolution"), a user-specific Windows path that is unnecessary for a generic research skill and may not exist on target systems.
Instruction Scope
SKILL.md instructs the agent to check public sources (GitHub commits, YouTube, X/Twitter, Discord), run three analyses, create/backup skill artifacts. Those actions are within the stated purpose. However the instructions implicitly require network access and possibly API tokens for automated checks (especially Discord/X/GitHub) even though no creds are declared; the backup step references a local 'NEW SKILL/karpathy-research/' path but gives no details about where/how backups are stored.
Install Mechanism
No install spec (instruction-only) and only a small Python file. No downloads or external install actions detected—this is low-risk from an install standpoint.
Credentials
The skill declares no required environment variables or credentials, which is consistent with an informational research skill. However, SKILL.md's suggested automation (polling GitHub/YouTube/X/Discord) could require API keys or tokens in practice; those are not declared, so if the agent attempts to automate those checks it may prompt for or require credentials later.
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills. The code contains a local workspace path but does not modify other skill configs. Autonomous invocation is allowed by default (normal).
Assessment
This skill appears to be what it says: a daily research assistant for Andrej Karpathy's public work. Before enabling it, consider: 1) If you plan to let it run automatically, confirm whether it will access external services (GitHub, YouTube, X, Discord) and whether you need to provide API tokens — the skill does not declare any credentials. 2) The included Python file contains a hard-coded Windows path (C:/Users/USER/...), which may not exist and could cause unexpected behavior if the skill writes files; review and adjust that path to a safe workspace you control. 3) Decide whether you want the agent to publish or back up generated 'skills' automatically; if so, verify what destination and credentials will be used. 4) As a precaution, run the code in a sandbox or with agent autonomy disabled until you confirm its network/file actions meet your policy.Like a lobster shell, security has layers — review code before you run it.
latestvk9753y8ww87a9ffpsy4waazrh184qy3p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.