Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Instruction Auditor
v1.0.0Audits all agent instruction files for contradictions that cause hallucinations or silent misbehavior. Use when: (1) any agent behaves inconsistently despite...
⭐ 0· 21·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md clearly intends to discover, read, cross-reference, and (with confirmation) modify agent instruction files and cron payloads under system paths like /opt/ocana/openclaw and workspaces. That capability is consistent with an 'instruction auditor'. However, the registry metadata declares no required config paths or binaries, yet the instructions assume existence of the openclaw CLI, python3, and direct filesystem access to /opt/ocana/openclaw and agent workspaces. The omission of these runtime dependencies/config paths is an incoherence worth flagging.
Instruction Scope
The instructions explicitly read system-wide files (AGENTS.md, SOUL.md, HEARTBEAT.md, MEMORY.md, cron payloads, SKILL.md) and instruct the agent how to modify those files and to add the audit to HEARTBEAT.md (i.e., schedule recurring runs). Reading is appropriate for auditing, but the skill also instructs applying fixes (including direct edits) across agents and cron jobs — a high-impact action. The SKILL.md does ask for user confirmation for destructive changes, but it still grants the skill broad discretion to change multiple system files when run.
Install Mechanism
Instruction-only skill (no install spec, no code files) — lowest install risk. Nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables or config paths, yet the instructions access /opt/ocana/openclaw, agent workspaces, and cron definitions and call host tools (openclaw CLI, python3, find, cat). Accessing those system paths and CLIs is proportionate to auditing instructions, but the metadata should have declared them (e.g., required config paths, required binaries). The mismatch between claimed requirements and actual file/CLI usage is a red flag.
Persistence & Privilege
The skill is not 'always:true', but SKILL.md recommends adding the audit to the main agent's HEARTBEAT.md for twice-daily automatic runs and describes applying fixes across agents. That implies persistent, cross-agent privileges (editing other agents' instruction files and cron payloads). Allowing autonomous invocation combined with write/update actions across system instruction files increases blast radius and should be gated by explicit user policies and backups.
What to consider before installing
This skill is plausibly useful (it inspects agent instruction files for contradictions), but it asks the agent to read and possibly edit system-wide instruction files and cron payloads while the published metadata does not declare the needed binaries or config paths. Before installing: (1) Review SKILL.md and the reference files yourself to confirm you trust the author; (2) Back up all agent instruction files and cron configs; (3) Ensure the host has the referenced tools (openclaw CLI, python3) and that the skill is run in a controlled/test environment first; (4) Prefer manual invocation (do not add to HEARTBEAT.md) until you verify behavior; (5) Require explicit, interactive confirmation before any file edits; (6) If you don't recognize the owner or 'Koren' mentioned in the doc, remove hard-coded external reporting lines or replace with an auditable destination. These mismatches ( undeclared filesystem/binary requirements and broad edit powers) are the primary reasons this skill is flagged suspicious.Like a lobster shell, security has layers — review code before you run it.
latestvk97fmrtpc3adjn2rh54fxg2xtd84fake
License
MIT-0
Free to use, modify, and redistribute. No attribution required.