Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill 自动沉淀
v1.0.0自动将任务经验沉淀为 skill。当任务满足沉淀条件时触发:使用了 5+ 次 tool call、遇到错误后找到正确解法、用户纠正了方法、或发现了可复用的多步骤 workflow。完成任务后自动评估是否值得沉淀,查重已有 skill,创建新 skill 或更新已有 skill。
⭐ 0· 31·0 current·0 all-time
by@binyuli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (auto-convert repeated/complex workflows into skills) aligns with the runtime steps: deduplicate existing skills, create or update SKILL.md, and publish locally. However, the metadata declares no required binaries or config paths while the instructions assume the presence of python3, a 'skill-creator' script under /usr/lib/node_modules, and a 'clawhub' publish command. That mismatch (metadata omits these dependencies) is noteworthy.
Instruction Scope
SKILL.md directs the agent to scan ~/.openclaw/skills/ and /usr/lib/node_modules/openclaw/skills/, run a system python script at /usr/lib/node_modules/openclaw/skills/skill-creator/scripts/init_skill.py, and call 'clawhub publish'. These actions involve reading system and user files and executing code. While these steps are relevant to deduplication and skill creation, the instructions are vague about how 'task complete' and the 5+ tool-call trigger are detected and offer no explicit safeguards (e.g., user confirmation before creating/publishing). The file/path accesses and execution are not declared in the skill metadata — an inconsistency and potential privacy/execution risk.
Install Mechanism
This is instruction-only with no install spec, which limits what the skill itself writes to disk. That lowers risk. Still, the instructions assume external tooling and a script under /usr/lib/node_modules will exist; if they don't exist the agent may try to locate or install them (not described).
Credentials
The skill requests no credentials or environment variables. The primary sensitivity is filesystem access (reading and writing SKILL.md under user and system skill directories). Those accesses are relevant to the stated purpose but should be explicit in metadata and gated by user consent.
Persistence & Privilege
The skill is not marked always:true and does not request persistent elevated privileges. It does instruct writing to ~/.openclaw/skills/ (its own domain) and publishing locally, which is consistent with its purpose. There is no instruction to modify other skills' configs or system-wide agent settings beyond using the skill-creator script.
Scan Findings in Context
[no_code_files_to_scan] expected: Static scanner had no code files to analyze because this is instruction-only. The absence of findings is expected but means the SKILL.md instructions are the primary security surface.
What to consider before installing
This skill's behavior is plausible for 'autosave' functionality, but it references scanning your personal and system skill directories and running a system-local script (and a 'clawhub publish' command) even though the metadata declares no required paths or binaries. Before installing or enabling it, verify: (1) you trust the 'skill-creator' and 'clawhub' tools and that the script path (/usr/lib/node_modules/...) exists and contains trusted code; (2) you are comfortable letting the agent read ~/.openclaw/skills/ and /usr/lib/node_modules/openclaw/skills/ and create/update files there; (3) whether you want automatic creation/publishing or prefer a manual confirmation step. If you proceed, consider backing up your ~/.openclaw/skills/ folder and adding an explicit confirmation requirement in the SKILL.md (or disabling autonomous invocation) so the agent cannot create/publish skills without your consent.Like a lobster shell, security has layers — review code before you run it.
latestvk97106td5akbwcexsc3b1n3wn984y5hk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.