Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (批量执行实施计划, 人工检查点) align with instructions to load plan files, execute tasks, insert manual checkpoints, and finalize work. This is coherent. Minor note: the SKILL.md expects reading '计划文件' and submitting code, which are consistent with the purpose but the spec does not say where plan files live or any access constraints.
Instruction Scope
Runtime instructions tell the agent to read plan files, execute tasks, verify completion, and '提交代码' (commit code). Those are normal for an execution workflow, but they allow the agent to read arbitrary project files and modify the repository. The SKILL.md also marks 'REQUIRED SUB-SKILL: core-finishing-branch' without declaring that dependency in the registry metadata, creating a gap between instructions and declared capabilities.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing is written to disk by an installer here.
Credentials
The skill declares no environment variables or credentials, yet instructions imply operations that often require credentials (e.g., committing/pushing code requires git/remote credentials; embedded-hardware hooks may require hardware access or toolchains). The skill does not declare or justify these needs.
Persistence & Privilege
always:false and standard model invocation. The skill does not request persistent/force-included presence or attempt to modify other skills or global agent settings.
What to consider before installing
This skill appears to do what it says (batch-run plan tasks with manual checkpoints) but has a few gaps you should address before enabling it:
- Expect the agent to read project files and to make commits. If you don't want code changes, run it in a forked or sandboxed repo or ensure the agent is restricted to read-only access.
- The SKILL.md states a REQUIRED SUB-SKILL (core-finishing-branch) but the registry metadata does not declare that dependency — verify that sub-skill exists and is installed, or the workflow may fail.
- Committing/pushing typically requires git credentials; the skill declares none. Decide how the agent will obtain and be limited in using those credentials (short-lived tokens, least privilege, audit logs).
- The instructions are vague on how plans are located — confirm expected file paths or provide explicit plan artifacts to avoid accidental access to unrelated files.
- If you plan to allow autonomous runs, enforce the described manual checkpoints (ensure the agent truly pauses for human confirmations) and test behavior in a safe environment first.
If you cannot verify the sub-skill, credential handling, and workspace/file boundaries, treat this skill as risky and prefer manual operation or additional safeguards.Like a lobster shell, security has layers — review code before you run it.
latestvk979p1g1hb9an03wgxnjhz86f583597s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.