Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Adversarial Engine
v1.0.0 · Multi-model adversarial engine: a four-model real adversarial debate system. Architect, engineer, security officer and arbiter collaborate, with code sandbox verification, vector-retrieval enhancement, and an automatic circuit breaker triggered by convergence detection.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The code implements the advertised features (multi-role LLM calls, code sandbox, vector search, WebSocket server) so purpose and capability broadly align. However, the implementation embeds a DEFAULT_API_KEY and a BASE_URL for an external LLM service (coding.dashscope.aliyuncs.com) that are not declared in the skill metadata (no required env vars). The SKILL.md's file list (code_sandbox.py, vector_enhancer.py, database.py) does not match the provided filenames, indicating sloppy packaging or stale documentation.
Instruction Scope
SKILL.md describes running engine.run_debate and exposing a WebSocket, which matches the code. But the runtime behavior includes: (1) calls to an external LLM API (sending prompts, possibly code and sensitive context) using a hard-coded key; (2) executing model-generated Python via subprocess without strong containment (only timeout + deletion of temp file); (3) reading a local knowledge base path (/home/admin/.openclaw/workspace/kb) and writing a sqlite DB under /home/admin/.openclaw/workspace/data — these side effects are not documented in the skill metadata.
Install Mechanism
There is no install spec (instruction-only), so nothing is pulled automatically at install time. However, the package includes runnable Python code that depends on third-party libraries (requests, aiohttp, fastapi, uvicorn). Because there is no declared install step, users may attempt to run the code in an environment missing these deps. No external download URLs or extract steps are present (lower install risk), but the included code will execute when invoked.
Credentials
The skill declares no required environment variables or credentials, yet the code embeds DEFAULT_API_KEY = "sk-sp-..." and will use it to call an external LLM endpoint. It also tries to import a local api_key_manager (if present) to route keys. Declaring no credentials while relying on a hard-coded key is inconsistent and a red flag: the skill will send prompts and outputs to a remote service using that embedded key unless it is replaced. It also reads and writes host paths (the knowledge base directory and the sqlite DB) without declaring them.
Persistence & Privilege
The skill does not set always:true and doesn't modify other skills. It creates a sqlite database under /home/admin/.openclaw/... and can start an HTTP/WebSocket server bound to 0.0.0.0, which opens a network service and serves files from local paths. Those behaviors give it persistent presence (on-disk DB, listening network port) and potential to expose host files if run on an unrestricted host; this is expected for a server but should be considered when choosing the runtime.
What to consider before installing
Do not run this on a production or sensitive host without review. Specific things to consider before installing or running:
1) Embedded API key: the code contains a DEFAULT_API_KEY and calls an external LLM endpoint — replace the key with your own or remove it; treat the embedded key as compromised.
2) Remote calls: prompts, including any confidential data you supply, will be sent to the external service (coding.dashscope.aliyuncs.com) by default.
3) Code execution: the 'sandbox' runs model-generated Python via subprocess with only a timeout and temp-file deletion — this is not a secure sandbox (no namespace isolation, no seccomp, no chroot). Run inside an isolated container or VM, or harden the sandbox.
4) File and network exposure: the server serves files from /home/admin paths and opens a network port (0.0.0.0) — this can expose local files; restrict binding or firewall appropriately.
5) Missing/declarative inconsistencies: SKILL.md filenames differ from the packaged files and no dependencies or env vars are declared — expect to manually install requirements.
Recommended steps: run in an isolated disposable container, audit and remove the hard-coded key, configure a trusted key router or your own API key via a secure env var, restrict network access to the server, and review any local knowledge base files that the skill will read. If you lack the ability to safely sandbox or review the code, avoid installing or invoking this skill.
