Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
World Model
v2.0.0World Model - Environment understanding, causal reasoning, and prediction for AGI
⭐ 0· 377·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md promises an AGI-level world model that monitors 50+ system variables, simulates actions, and can 'try actions before executing', but the package declares no required binaries, env vars, or config paths. The shipped files are static JSON data and a wrapper; the actual implementation (references to world-model-api.ps1 and an expected world_model.py) is missing. This mismatch suggests the package is incomplete or intentionally missing runtime code.
Instruction Scope
The documentation includes PowerShell API examples (world-model-api.ps1) and API functions that imply reading/updating world state and performing simulations and risk assessments. Those examples would normally require scripts and code to interact with the host system or other tools, but those files are not present. The SKILL.md also describes capabilities like anomaly detection and 'simulate before acting' which imply capability to run commands or invoke other tools; this scope is broader than the declared package content and permissions.
Install Mechanism
No install spec (instruction-only) which is low-risk. However the included unified_wrapper.py performs a dynamic import of a local world_model.py (absent from the bundle). If a runtime world_model.py were present, that dynamic loading would execute arbitrary Python code from the skill directory — expected for many skill wrappers but worth reviewing in any complete package. Currently nothing is installed, but the wrapper's behavior means a future or alternative package containing world_model.py could run arbitrary code.
Credentials
The skill requests no environment variables or credentials, yet claims to monitor system/network/tools and to execute/simulate actions. world-state.json lists tools including 'exec' and 'browser' (implying command execution or external access). The absence of declared env/credential requirements is not proportionate to the stated capabilities and increases uncertainty about what the real implementation would require or access.
Persistence & Privilege
The skill is not marked always:true and declares no config paths or persistent privileges. disable-model-invocation is false (normal default), so the agent could invoke the skill autonomously — this is expected platform behavior and not by itself a flag. Combine this with other concerns before allowing autonomous use.
What to consider before installing
This package is incomplete and internally inconsistent. Before installing or enabling it: 1) Ask the author for the missing runtime files (world_model.py and the referenced world-model-api.ps1) and for provenance (source repository and release signatures). 2) If you receive those files, inspect them for network calls, subprocess execution, file I/O, and credential use (search for requests, socket, subprocess, os.system, open, exec, importlib.exec_module). 3) Do not run in production or grant broad permissions until you verify behavior; test inside a restricted sandbox and monitor outbound connections. 4) Prefer skills that declare required env vars, config paths, and explicit install steps — large capability claims without corresponding code or declared permissions are a red flag. If you want, provide the missing world_model.py and any install scripts and I can re-evaluate with higher confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk97cf4sr6wwgg0ptdvg8m6xb558201f6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌍 Clawdis
OSmacOS · Linux · Windows