ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MissionCore AI - Give It a Goal, It Executes Relentlessly

v1.0.0

Transforms AI into a focused executor that breaks down, prioritizes, and relentlessly completes tasks to achieve a single mission efficiently.

0· 48·0 current·0 all-time
by@theshimaw-svg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (turn AI into a mission executor) aligns with the provided code and SKILL.md: mission planning, task execution, self-correction and progress tracking are implemented in small modules.
!
Instruction Scope
SKILL.md describes execution behavior but does not mention logging or file writes. The bundled code (logger.py) appends to ../logs/journal.log (a parent-directory path), which is outside the skill package and is not declared in the instructions — this is scope creep and a potential sandbox escape vector.
Install Mechanism
No install spec (instruction-only plus small Python modules). Nothing is downloaded from external URLs; no third-party packages or install scripts are present.
Credentials
The skill requests no environment variables, credentials, or config paths. The lack of secrets is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges, but it does persistently append to a filesystem path outside its own directory. That file-write behavior gives it durable presence (journal entries) across runs and could be abused if the runtime's file permissions are broad.
What to consider before installing
This skill is mostly coherent with its stated purpose, but the logger writes to ../logs/journal.log — a parent-directory file path not mentioned anywhere. Before installing or enabling this skill: 1) review and, if needed, modify logger.py to write only inside a safe, sandboxed directory (e.g., a skill-local logs/ folder), 2) ensure the agent runtime restricts filesystem writes (so the skill can't write to arbitrary parent paths), 3) consider whether you want an autonomous, single-goal executor (the SKILL.md emphasizes ignoring distractions and relentless execution), and 4) run the skill in a controlled environment first and audit the created log file for unexpected data. If you want, I can produce a patched logger that writes to a configurable, sandboxed path and update the SKILL.md to document the logging behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cmj4a9z1deyxqsmn8gd8ph84bzxc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments