Skill v1.1.0

ClawScan security

goal-agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 5, 2026, 7:55 PM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (scaffolding a goal-directed agent) is plausible, but the package is incomplete (templates are missing) and the runtime instructions permit arbitrary shell commands and autonomous actions that require careful review before activation.
Guidance
Do not activate this skill as-is. Key considerations:
- The package is incomplete: scaffold.sh expects a templates/ directory that is not included; request the missing templates or a complete release from the author before running.
- Always inspect the generated HEARTBEAT.md and evaluate.sh before copying them into ~/clawd/HEARTBEAT.md. These files will drive autonomous actions.
- The metric you pass is an arbitrary shell command. Ensure it is read-only and cannot execute or write state. Prefer simple cat/jq/wc commands and validate evaluate.sh behavior.
- Constraints are textual only: the agent will follow them in language, not via enforcement. For risky goals, run the agent in a dedicated VM or under restricted user permissions, set low --max-iterations, and monitor early iterations.
- If you need to proceed, ask the publisher for the missing templates, or unpack and review the templates that will be used to generate evaluate.sh so you can verify there is no unintended command execution or injection (sed substitutions may inject user-provided text into files).

Review Dimensions

Purpose & Capability
note: The name and description match the included behavior: generate a workspace (GOAL.md, STRATEGY.md, HEARTBEAT.md, evaluate.sh) for an autonomous optimization loop. However, the provided scaffold.sh expects a templates/ directory (TEMPLATES_DIR) which is not present in the file manifest; this makes the script nonfunctional as shipped and is an inconsistency between claimed capability and actual package contents.
Instruction Scope
concern: SKILL.md instructs the agent to 'Act' each heartbeat and to run an arbitrary user-supplied metric command (any shell command that returns a number). While the skill warns to make metrics read-only and to set constraints, the enforcement is purely textual (no programmatic sandbox). That means a misconfigured metric or lax constraints could let the agent execute destructive or networked actions. Users must manually review generated HEARTBEAT.md and evaluate.sh before activating.
Install Mechanism
note: There is no install spec (instruction-only), which is low-risk, but scaffold.sh writes generated files into the user's output-dir. The higher concern is the missing templates directory referenced by scaffold.sh: either templates are omitted from the package or scaffold.sh assumes a different install layout. As provided, the script will fail to find its templates.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is proportionate to the stated purpose. Note: examples reference user-local scripts and files (e.g., ~/.openclaw/scripts/twitter-follower-count.sh); those are user-specific and not requested by the skill but could be referenced by supplied metric commands.
Persistence & Privilege
ok: The skill is not marked always:true and uses the platform's normal autonomous invocation model. Activating the generated HEARTBEAT.md (by copying it into ~/clawd/HEARTBEAT.md) gives the agent ongoing behavior; this is expected for a goal loop but does increase blast radius, so follow the guidance to isolate runs.