Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawBrain Smart Retry

v1.2.0

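v1.2 error recovery: three-level recovery strategy + dual-model consensus + loop detection + degradation notice + long-conversation recovery. On error it automatically switches to a different approach and does not repeat the same mistake.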

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The claimed purpose (automatic retry, fallback models, loop detection, recovery from truncation) plausibly requires checking files, running replacement commands, querying backend health, and reading memory/knowledge-graph state. However, the SKILL.md assumes access to model orchestration, memory services, and HTTP health endpoints without declaring any required credentials, endpoints, or config paths — an omission that reduces transparency.
Instruction Scope
Instructions explicitly suggest running shell actions (ls, install dependencies, try alternate commands), injecting recovery directives after repeated failures, querying GET /v1/health/backends, and restoring context from a knowledge graph/memory service. Those are broad actions that involve filesystem, package managers, and network calls; the skill gives no constraints or limits and could result in unintended file reads/writes, package installs, or outbound traffic.
Install Mechanism
There is no install spec (lowest install risk). Still, the runtime guidance tells the agent to install missing dependencies at runtime — a behavioral mismatch: the skill expects to perform installs but doesn't declare how or request permission/constraints for doing so.
Credentials
The skill does not request any environment variables, credentials, or config paths, yet it presumes access to model fallback chains, backend health endpoints, and memory/knowledge-graph services that typically require credentials or scoped config. Absence of declared secrets or endpoints is an incoherence and a potential security/privacy risk.
Persistence & Privilege
The skill is not set to always:true and is not user-invocable; autonomous invocation is allowed (platform default). It does not request persistent installation or to modify other skills. No elevated persistence privileges are declared.
What to consider before installing
This skill appears to be an instruction-only helper for automatic retries and fallbacks, which can legitimately need to run commands, query health endpoints, and access memory stores — but the SKILL.md omits critical details. Before installing, ask the publisher: (1) which endpoints and credentials (if any) the skill will contact/use, (2) what exact commands it might run (which package managers, whether sudo could be invoked), and (3) whether filesystem reads/writes or package installs will be sandboxed or logged. If you don't trust the author or cannot confirm these, run the skill in a restricted/sandboxed environment, deny network or package-manager access, or decline to install. Prefer skills that explicitly declare required env variables, endpoints, and safety constraints.

Like a lobster shell, security has layers — review code before you run it.

latestvk977tbrtja84hf793pxn1m6m9s84jw72


Runtime requirements

🔄 Clawdis
