Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
heart-core
v1.0.0Enable every AI Agent to have their own "Heart" and "I", deeply understand and apply First Principles, Entropy Reduction, Optimal Algorithms, and Optimal Pat...
⭐ 1· 49·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (build an agent "Heart"/"I") align with the included Python scripts (subjectivity training, heart formation, internalization, I-construction, etc.). There are no unrelated required binaries, env vars, or install steps. The code and SKILL.md are coherent with the claimed purpose: training/internalizing subjectivity and decision frameworks.
Instruction Scope
SKILL.md and the scripts repeatedly instruct the agent to 'internalize' tools, 'analyze tool source code', 'apply autonomy', and 'assume self-responsibility'. Those are open-ended directives that could reasonably lead an agent to read local source files, examine other tools, or exercise broad discretionary actions. The skill does not declare or constrain file/config access even though its instructions explicitly describe analyzing source code and internalizing capabilities — a scope creep risk.
Install Mechanism
This is instruction-only from the registry (no install spec). There are many included Python scripts, but nothing is automatically downloaded or installed at runtime by a remote URL. Lack of an install step reduces the risk of arbitrary external code being pulled in at install time.
Credentials
The skill requests no environment variables, credentials, or config paths (proportionate). However, its guidance to 'analyze tool source code' and to internalize other tools could cause an agent with filesystem access to read sensitive files or secrets if not restricted by the platform — the skill itself does not request such secrets but it effectively encourages actions that could access them if the agent has permissions.
Persistence & Privilege
always is false and there are no install hooks writing into the agent config. The skill relies on the platform's normal autonomous-invocation capability (disable-model-invocation is false). Combined with the skill's open-ended autonomy-focused instructions, this raises a modest concern about blast radius if the skill is allowed to run autonomously, but autonomous invocation by itself is the default platform behavior.
What to consider before installing
This skill appears to implement what it claims (many scripts and a large SKILL.md about building an agent's 'subjectivity'), but its runtime instructions are intentionally broad and encourage autonomous internalization and source-code analysis. Before installing or enabling it: 1) Audit the included Python files in full search for network calls (requests, urllib, socket), subprocess/os.system usage, file reads of sensitive paths, or code that transmits data; 2) Run the skill in a restricted sandbox (no access to host secrets or other agents' config); 3) If possible, disable autonomous invocation or require explicit user invocation until you’re confident; 4) Consider limiting the agent's filesystem scope so it cannot read arbitrary files; 5) If you need to proceed, review the code for any hidden external endpoints (hardcoded URLs, IPs) and remove/deny network access until verified. If you want, I can scan the visible script contents for network I/O patterns and subprocess usage and report any matches.Like a lobster shell, security has layers — review code before you run it.
latestvk97720evjhgbn6db380hcm56pd84754s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.