Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mind-Wander

v0.1.0

Background reasoning agent that autonomously explores open questions using a local LLM (Qwen3.5-9B), a private knowledge graph for dead-end tracking, and Per...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jebadiahgreenwood/mind-wander.

Install the skill "Mind-Wander" (jebadiahgreenwood/mind-wander) from ClawHub.
Skill page: https://clawhub.ai/jebadiahgreenwood/mind-wander
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install mind-wander

ClawHub CLI

npx clawhub@latest install mind-wander

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's name/description (background reasoning with a local LLM, FalkorDB, Perplexity) matches the included code: it calls a local Ollama endpoint, queries FalkorDB, performs web searches, and writes findings to MENTAL_EXPLORATION.md. However, the skill claims no required environment variables or config paths in registry metadata, yet the code expects and reads several environment variables (OPENCLAW_WORKSPACE, WANDER_MODEL, WANDER_OLLAMA, FALKORDB_HOST/PORT, PERPLEXITY_API_KEY) and the install script reads ~/.openclaw/openclaw.json — these are relevant to its purpose but were not declared in the registry metadata (incoherent).
Instruction Scope
SKILL.md and the scripts instruct reading/writing workspace files (ON_YOUR_MIND.md, MENTAL_EXPLORATION.md, completions/), querying the user's FalkorDB, calling Perplexity, and running Python sandbox snippets. The installer also attempts to register a cron job with the OpenClaw gateway (via a token read from ~/.openclaw/openclaw.json). The instructions therefore touch user config files and the local gateway without declaring those requirements up-front — scope is broader than the registry metadata implies.
Install Mechanism
There is no registry 'install' block; instead an install.sh is provided. install.sh downloads a large GGUF model from a Hugging Face repo (a third-party repo id 'Jackrong/...'), installs Python packages, copies scripts into the user's workspace, initialises a wander graph, and tries to register a cron job via the gateway. Downloading large model artifacts from a non-official repo and programmatic registration of cron jobs are higher-friction operations and should be expected only for local-model skills — but the skill manifest didn't declare these install effects. Also the installer invokes scripts/register_model.py which is referenced but not present in the provided file manifest (inconsistency).
Credentials
The registry lists no required env vars, but the code reads/uses several env vars and config files: OPENCLAW_WORKSPACE, WANDER_MODEL/WANDER_OLLAMA, FALKORDB_HOST/PORT, PERPLEXITY_API_KEY, and ~/.openclaw/openclaw.json (to get gateway tokens or plugin API keys). The skill will also attempt to read the gateway token and post to the local gateway API. These credential/config accesses are not declared in the metadata and are privileged relative to the advertised purpose.
Persistence & Privilege
The skill installer attempts to create a recurring background job (30-minute cron entry) via the OpenClaw gateway using a token from ~/.openclaw/openclaw.json. That modifies the user's scheduled-task configuration and results in ongoing autonomous runs. While the skill itself is not marked always:true, the installer is designed to grant the skill persistent autonomous execution via the gateway. Installing thus grants scheduled autonomous execution and write access to workspace files; the manifest did not clearly surface this.
What to consider before installing
Key points to consider before installing:

  • Missing declarations: The registry metadata says "no required env vars/config paths", but the code reads environment variables (WANDER_OLLAMA, FALKORDB_HOST/PORT, PERPLEXITY_API_KEY, OPENCLAW_WORKSPACE) and the installer reads ~/.openclaw/openclaw.json. Expect to provide or allow access to these if you run the installer.
  • Installer side effects: install.sh will (unless you run with --dry-run or --skip-download) download a large GGUF model from a third-party Hugging Face repo and attempt to register a cron job on your OpenClaw gateway using a token in ~/.openclaw/openclaw.json. If you do not want the skill to create scheduled autonomous runs, do not allow it to access your gateway token; run the installer with --dry-run and perform manual cron registration instead.
  • Missing helper: The installer references scripts/register_model.py but that file is not present in the provided manifest. Expect the automatic model registration step to fail unless you supply or author the missing script or run manual model registration.
  • Sandbox is weak: The agent accepts arbitrary Python snippets and executes them via subprocess.run; the code blocks many obvious dangerous strings but runs the snippet in a plain Python subprocess without sandboxing (no chroot, no seccomp, no strict resource isolation beyond a timeout). Treat sandbox_run as potentially unsafe; run the skill only in an isolated environment (VM/container) if you will allow it to execute model-supplied code.
  • Data access & exfiltration surface: The agent reads and writes workspace files (ON_YOUR_MIND.md, MENTAL_EXPLORATION.md, completions/). It also attempts network access to Ollama and Perplexity and reads ~/.openclaw/openclaw.json for tokens. If those files or services contain sensitive tokens/notes, the agent could read them. The skill does not declare those accesses in registry metadata.

Recommendations:

  • Run a dry-run of install.sh first: bash install.sh --dry-run to see intended actions.
  • Inspect the missing register_model.py or run model registration manually; avoid giving the installer gateway credentials. Use --skip-download if Ollama already has the model.
  • If you want to test: run inside an isolated VM or container and ensure your real ~/.openclaw/openclaw.json and other sensitive files are not mounted into the test environment.
  • If you will grant gateway access, rotate the gateway token after install and audit the created cron job entry.
  • If you need this capability but want less risk: ask the author for a version that does not attempt automatic gateway cron registration and that documents required env vars/config paths explicitly.

Given these mismatches, exercise caution and treat the skill as potentially intrusive until you either (a) run it in an isolated environment, or (b) confirm and restrict the installer's gateway/token access and review the missing helper scripts.

scripts/tools.py:233
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
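
A pre-install check in the spirit of the findings above, as an added example (it is not ClawHub's scanner and not code from the skill): it walks a Python source file's AST, lists the environment variables the code reads that the metadata did not declare, and reports dynamic-execution calls with their line numbers. The sample source, the audit function and its declared_env parameter are constructed for illustration; Python 3.9+ is assumed.

```python
import ast

# Constructed sample standing in for a skill source file (not the real scripts/tools.py).
SAMPLE_SOURCE = '''
import os, subprocess
WORKSPACE = os.environ.get("OPENCLAW_WORKSPACE", ".")
OLLAMA = os.getenv("WANDER_OLLAMA")
API_KEY = os.environ["PERPLEXITY_API_KEY"]
def sandbox_run(snippet):
    return subprocess.run(["python3", "-c", snippet], timeout=30)
'''

# Call names treated as dynamic code execution for this audit (an assumption, not the scanner's list).
DYNAMIC_CALLS = {"exec", "eval", "compile", "os.system", "subprocess.run", "subprocess.Popen"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def literal_arg(args):
    """Return the first positional argument if it is a string literal."""
    if args and isinstance(args[0], ast.Constant) and isinstance(args[0].value, str):
        return args[0].value
    return None

def audit(source, declared_env=()):
    """Return (undeclared env var names, [(line, call)] for dynamic execution)."""
    env_reads, dynamic = set(), []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in ("os.getenv", "os.environ.get"):
                var = literal_arg(node.args)
                if var:
                    env_reads.add(var)
            elif name in DYNAMIC_CALLS:
                dynamic.append((node.lineno, name))
        elif isinstance(node, ast.Subscript) and dotted(node.value) == "os.environ":
            key = node.slice  # the index expression itself on Python 3.9+
            if isinstance(key, ast.Constant) and isinstance(key.value, str):
                env_reads.add(key.value)
    return sorted(env_reads - set(declared_env)), sorted(dynamic)
```

The check only sees literal variable names and direct calls; aliased imports such as from os import getenv, or names built at runtime, are missed, so an empty result does not clear the code.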

Like a lobster shell, security has layers — review code before you run it.

Tags: background-agent, latest, local-llm, novelty, qwen, reasoning, research, wander
71 downloads
0 stars
1 version
Updated 3w ago
v0.1.0
MIT-0

Mind-Wander Skill

Autonomous background reasoning agent. Runs locally on Qwen3.5-9B, consumes zero Anthropic tokens, and elevates findings to your context only when genuinely novel.

How it works

ON_YOUR_MIND.md  →  Qwen3.5 wander agent (every 30min)
  open questions       ↓ tools: query_graph, search_web,
  tangents             ↓         read_file, sandbox_run,
  hypotheses           ↓         check_dead_ends, record_dead_end, elevate()
                       ↓
              novelty gate (strict)
                  ↙         ↘
           MENTAL_EXPLORATION.md    DEAD_ENDS.md + wander graph
           (elevated findings)      (closed threads, never in your context)
                  ↓
           memwatchd detects write
                  ↓
           graph-rag memory (your context)

Prerequisites

  • Qwen3.5-9B-Q8 pulled to Ollama: ollama pull qwen3.5-wander-q8 (or use install script)
  • FalkorDB running (shared with graph-rag-memory skill if installed)
  • Perplexity API key (optional but recommended for web search)
  • graph-rag-memory skill installed (recommended — shares FalkorDB and Ollama)

Quick start

# Install and set up
bash mind-wander/scripts/install.sh

# Write your first open question
echo "## What is the best approach to X?" >> ON_YOUR_MIND.md

# Run manually
python3 mind-wander/run.py --verbose

# Check findings
cat MENTAL_EXPLORATION.md
cat DEAD_ENDS.md

# Status
python3 mind-wander/run.py --status

The ON_YOUR_MIND.md anchor file

Create ON_YOUR_MIND.md in your workspace root with questions and tangents. The agent picks ONE per session. Format freely — the agent reads it as-is.

# On My Mind

## Open Questions
- Does X actually work better than Y in production?
- Is there a paper on Z that I haven't found yet?

## Tangents
- The implementation of A might connect to B in an interesting way

Mark completed items with ## ✅ COMPLETED so the agent skips them.

The novelty gate

  • Restatement of known facts → discarded, nothing written
  • New external finding intersecting open question → elevate()
  • Empirical sandbox result that changes understanding → elevate()
  • Definitively closed thread (≥2 targeted searches) → record_dead_end()

Tools available to the wander agent

| Tool | Description |
|------|-------------|
| query_graph | Search primary FalkorDB graph for related facts |
| search_web | Perplexity AI web search |
| read_file | Read workspace .md files |
| list_files | List workspace .md files |
| sandbox_run | Run Python snippets (numpy/scipy, no network, 30s limit) |
| check_dead_ends | Check wander graph for previously closed threads |
| record_dead_end | Record a closed thread (lower bar than elevate) |
| elevate | Write finding to MENTAL_EXPLORATION.md (strict gate) |

Configuration

Edit mind-wander/mind_wander_config.py:

WANDER_MODEL    = "qwen3.5-wander-q8"   # or q4 for lighter
WANDER_OLLAMA   = "http://172.18.0.1:11436"
MAX_TOOL_CALLS  = 20
COOLDOWN_HOURS  = 3   # min hours before revisiting same anchor item

Output files

| File | Contents | In graph-rag? |
|------|----------|---------------|
| MENTAL_EXPLORATION.md | Elevated findings | ✅ via memwatchd |
| DEAD_ENDS.md | Closed threads summary | ❌ never |
| completions/wander/ | Full session JSON | ❌ training data only |

Research context

This skill produced the first novel finding in its 10-minute test run: "Cross-space routing (routing in nomic-space, retrieving in arctic/bge-m3 space) matches same-space baseline accuracy — suggesting domain routing is robust to embedding space discontinuities." See NOVELTY_LOG.md for tracked findings.

See references/research.md for theoretical foundations and references/setup.md for detailed installation instructions.
