Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Smart Scheduler
v1.0.1智能任务调度器 - 简单任务秒级响应,复杂任务深度思辨。自动识别任务复杂度,路由到最优处理器。集成苏格拉底探明、任务分解、资源定位、多模型辩论验证。
⭐ 0· 32·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (smart scheduler, routing, debate/locator) align with included modules (scheduler, resource_locator, debate_verifier). However some requested/implicit capabilities go beyond what a simple scheduler description implied: the skill dynamically generates and executes Python code (self-generate), inspects a user skill directory (/home/admin/.openclaw/...), and expects local HTTP services (127.0.0.1:5000, 127.0.0.1:8002). Those are plausible for a full-featured orchestrator but are not justified in SKILL.md (which emphasizes 'no malicious code execution' and tight sandboxing).
Instruction Scope
SKILL.md promises safe sandboxing and no unauthorized network calls, but the code performs local and external network requests (requests.get/post to 127.0.0.1 and clawhub URLs), checks/reads filesystem paths for installed skills, reads /proc/meminfo, writes temporary Python files and executes them with subprocess (python3.8). The runtime instructions (via code) therefore allow file I/O, process execution, and network I/O beyond what the prose security claims assert.
Install Mechanism
No install spec (instruction-and-code bundle only). That minimizes delivery risk (no remote archive downloads at install time).
Credentials
The skill declares no required env vars or credentials, yet code hardcodes service endpoints (e.g., DEBATE_URL = http://127.0.0.1:8002) and references external ClawHub URLs. The SKILL.md states credentials come from environment variables and 'no hardcoded token' — but the presence of hardcoded endpoints and use of local services is inconsistent with that assurance. Also the code can call local services and may consume API quota when self-generating code.
Persistence & Privilege
always:false (good), but the resource locator's self-generation path writes temporary code and executes it, and returned metadata suggests it may persist generated artifacts as new Skills ('should_persist': True). The code also probes and reads the user's skills directory (/home/admin/.openclaw/workspace/skills) which gives it visibility into other installed skills. While not explicitly modifying other skills, these behaviors elevate privilege and persistence risk if the self-generate flow is enabled.
What to consider before installing
This skill is not clearly malicious, but it contains risky and inconsistent behavior compared to its SKILL.md claims. Specific concerns: (1) It writes temporary Python files and executes them with subprocess (python3.8) — that can run arbitrary code on your machine; (2) It contacts hardcoded local services (127.0.0.1:5000 and 127.0.0.1:8002) and external ClawHub URLs, despite claiming no unauthorized network requests; (3) It inspects your skills directory (/home/admin/.openclaw/...) and /proc/meminfo; (4) The SKILL.md asserts sandboxing and no hardcoded tokens, but the code does not implement a clear secure sandbox or use environment-configurable endpoints. Before installing or enabling this skill, consider: run it in an isolated/test environment (not on production machines); require the developer to make endpoints configurable via environment variables (no hardcoded URLs); disable or review the self-generate execution path (or restrict to a real sandboxed runtime/container); request proof or documentation of the claimed sandbox implementation; and audit the full, untruncated code for any other hidden behaviors. If you cannot get these mitigations, avoid installing on sensitive systems.Like a lobster shell, security has layers — review code before you run it.
latestvk9789tmp70ptnje1ad1rvs2j75843a0m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.