Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Autonomous Agent

v1.0.0

AI Autonomous Agent Framework with self-driven capabilities. Implements perception, judgment, execution, and reflection layers for intelligent autonomous ope...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (autonomous agent) aligns with the included Python modules (perception, judgment, execution, reflection). The presence of code files implementing file watchers, skill-usage tracking, system metrics and a memory system is coherent with the stated purpose. However the SKILL.md claims instruction-only install but many code files are present — not a security flaw by itself, but it increases the runtime surface to audit.
[!] Instruction Scope
SKILL.md and the code explicitly instruct/implement monitoring of file system, skill usage, and user activity and refer to 'event-sources all' and persistent memory. That scope allows reading and recording of arbitrary paths and user interactions. The instructions are high-level (enable event sources, start agent) which gives the agent wide discretion to collect system state unless constrained by configuration; this is scope creep compared to a narrow helper skill.
Install Mechanism
There is no install spec (lowest install risk) and no declared external downloads. That reduces supply-chain risk. Nonetheless, the package contains many executable Python modules — these will run when the skill is used, so the absence of a network install step does not eliminate runtime risk.
Credentials
The skill requests no environment variables or external credentials in registry metadata. The code uses local system APIs (os, psutil) and reads files/paths configured at runtime. There are no declared secrets requirements, which is proportionate; still, ability to monitor arbitrary files is sensitive even without explicit credentials.
[!] Persistence & Privilege
The skill is not marked always:true (good), but it implements a memory system and references storage backend selection and retention periods. Some memory layers are 'permanent' by design. Because persistent storage/backends and any network/export logic are in the omitted/truncated files, there's risk the skill could write sensitive data to disk or external services. Treat persistent memory and any packaging/telemetry code (e.g., package_skill.py) as higher-privilege features that must be audited.
What to consider before installing
This skill implements a full autonomous agent that can watch file paths, monitor other skills, collect user interaction and system metrics, and store memories. Before installing or enabling autonomous operation:

1) Review the remaining/truncated source files (especially package_skill.py, any storage backend implementations, and any networking code) for outbound network calls, hardcoded endpoints, or export logic.
2) Check default config (autonomous_config.yaml) to see which file paths and event sources are enabled by default; restrict watch paths to non-sensitive directories.
3) Run the agent first in MANUAL/ASSISTED mode (not fully autonomous) and in a sandboxed environment or VM.
4) Disable or audit persistent backends — prefer in-memory operation until you confirm storage is local and encrypted (or absent).
5) Look for any code that invokes requests/sockets/ssh/ftp or packages and transmits data externally.
6) Do not grant elevated OS permissions or admin-level access until you are satisfied with the code.

If you want, provide the remaining truncated files (or package_skill.py and storage-related files) and I can re-evaluate those specific parts — that would raise confidence above the current medium level.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dfbp57fne0fz2jv1yc609cs83b8vn
