Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cognitive Loop

v2.0.0

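Cognitive closed-loop execution Skill: implements a highly autonomous Agent architecture built on a four-stage "think-act-reflect-test" closed loop. Activate it when task planning, multi-step execution, error recovery, or test verification is needed.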

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (an autonomous 'think-act-reflect-test' orchestrator) match the instructions which reference a cognitive-agent npm package and local 'memory/' persistence. That overall purpose is coherent. However metadata vs doc mismatches exist (registry version 2.0.0 vs SKILL.md version 1.0.0), and the SKILL.md instructs installing/running an external npm package even though the skill declares no required binaries or env — this should be clarified.
Instruction Scope
SKILL.md tells the agent/operator to clone a GitHub repo and npm install/run an external package and says experiences are 'automatically saved to memory/'. Yet the header includes 'allow: exec: false env: false' and the skill metadata declares no config paths. This is an internal contradiction: the instructions assume executing installers and writing persistent memory, but the declared runtime allowances do not. Also the instructions expect the agent to perform code audits and sandboxing but do not detail how those steps should be performed or who performs them.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md recommends npm install / git clone of https://github.com/World-peace001/cognitive-agent and the npm package cognitive-agent. That means installing external code is expected; because the repo and npm package are third-party and not included in the skill bundle, you must manually verify integrity. This is not inherently malicious but raises supply-chain-review requirements.
Credentials
The skill does not request any environment variables, credentials, or system config paths in the registry metadata. That is proportionate to a local orchestrator. Caveat: the external npm package being installed could itself request credentials or access at runtime; the SKILL.md does not declare or warn about that possibility.
Persistence & Privilege
always:false and normal autonomous invocation are fine. The skill expects to persist memories under a 'memory/' directory and instructs a path restriction, but the registry metadata does not declare required config paths or filesystem permissions. Confirm who controls that 'memory/' location and ensure sandboxing is enforced before allowing persistence.
What to consider before installing
Plain-language steps to consider before installing:
- Treat this as a guide that tells you to install/run an external npm package (cognitive-agent) and to clone a GitHub repo. Do NOT install/run it until you or a trusted reviewer examine the package source.
- The SKILL.md header says exec and env access are disallowed, but the document itself instructs npm install / git clone and running node code. Ask the author to clarify how installation/execution is expected and fix the contradictory flags.
- Verify the external resources: check the GitHub repo code, confirm the npm package integrity (checksums, signed releases if available), and confirm there are no network-exfiltration hooks or hidden credential readers in the package.
- Note the version mismatch: registry lists version 2.0.0 but SKILL.md claims version 1.0.0; treat that as a red flag and verify you're getting the expected release.
- If you run it, do so first in a strong sandbox (isolated container/VM) with restricted filesystem access and no secrets mounted; confirm that persistence is limited to an explicit memory/ directory you control.
- If you cannot or will not audit the external package, do not grant the agent the ability to install or execute third-party code. Prefer a reviewed/official implementation from a trusted source.

If the author can resolve the exec/env/config-path contradictions and you or a trusted reviewer have audited the external package, the skill is plausible. Otherwise treat it as suspicious and proceed with caution.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97fcexk3ty2jrr4tv57r8eh2s849vq9

