Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Autogrind
v1.0.1Let the agent work continuously and fully autonomously without stopping. Use this skill for long-running grind sessions across code, ML/data, research, desig...
⭐ 1· 91·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the instructions: the SKILL.md defines a multi-phase, continuous work loop that inspects project files, runs tests, plans tasks, and persists work. Required binaries/env/configs are none, which is consistent for an instruction-only mode that relies on existing agent tool access.
Instruction Scope
Instructions direct the agent to scan common guidance files and project artifacts, run git/status/tests, inspect TODOs/FIXMEs, produce prioritized tasks, and persist changes. Those actions are within the stated purpose (long-running project work). However the doc also mandates always treating many generic user phrases (e.g., 'keep going', 'keep improving') as triggers — this broad trigger set expands invocation scope beyond explicit requests and could cause unexpected activation.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads or installs are requested, so there is no install-time code execution risk.
Credentials
No environment variables, credentials, or config paths are required by the registry metadata. The runtime instructions expect reading repository/project files and running local tools (git, tests), which are proportional to the skill's purpose.
Persistence & Privilege
The skill enforces 'GRIND UNTIL EXPLICIT STOP SIGNAL' and instructs the agent to never stop on its own. Combined with normal autonomous-invocation ability and the broad trigger phrases, this creates a real risk of prolonged/unbounded agent activity (resource consumption, repeated commits/changes, accidental data exfiltration if network-capable tools are available). The skill itself is not marked always:true, but its semantic insistence on indefinite runtime raises operational safety concerns.
What to consider before installing
This skill appears to do what it says — keep an agent running continuous improvement cycles on a project — but it explicitly requires the agent to 'never stop' until the user gives an explicit stop. Before installing: 1) Do not enable this on agents with access to sensitive systems, production credentials, or broad network privileges. 2) Prefer running AutoGrind in a sandboxed environment with resource/time limits and monitoring (CPU, disk, network, logs). 3) Add explicit stop/timeout safeguards in the agent runtime (max cycles, max runtime, or a kill switch). 4) Be cautious because the skill treats common phrases like 'keep going' as triggers; if you want manual control, restrict invocation or remove/modify trigger behavior. 5) Ensure the project is under version control and you have backups of important data before allowing autonomous persistence actions (commits, file writes).Like a lobster shell, security has layers — review code before you run it.
latestvk979dwmbvxaw9d91t184gztxd583t0w7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.