ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Stop Asking and Just Do It

v1.0.0

Autonomous programming mode for openclaw.ai. Use this skill whenever a user requests any code change, feature addition, refactor, bug fix, or project task —...

0· 394·1 current·1 all-time
by@ubuntume
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description claim fully autonomous programming behavior and the SKILL.md indeed provides detailed instructions for autonomous code changes, self-verification, and maintenance of project conventions. No unrelated binaries, installs, or credentials are requested, so requirements align with the stated purpose.
!
Instruction Scope
The instructions require the agent to read and modify the codebase, create a full task tree, and 'do all the work, autonomously, without interrupting the user.' They explicitly forbid many clarifying questions and instruct the agent not to wait for explicit permission. That broad, prescriptive autonomy increases risk of unwanted edits, high-impact changes, or breaking behavior because the skill discourages human confirmation.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes disk-write/install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. It asks the agent to read the repository and project files (expected for a code-editing skill) and does not request unrelated secrets.
Persistence & Privilege
always is false and the skill is user-invocable, so it does not demand permanent inclusion. However, the SKILL.md's explicit instruction to proceed without user permission and to avoid asking clarifying questions effectively elevates its operational privilege: if invoked (or invoked autonomously by the platform), it directs the agent to make unilateral changes. This is a policy/behavioral privilege rather than a declared system privilege.
What to consider before installing
This skill is coherent with its stated goal of doing code work autonomously, but it purposely instructs the agent to act without asking for confirmation and to avoid clarifying questions. Before installing or enabling it, consider whether you want the agent to: (1) make unilateral edits to your repository or create commits/PRs without explicit approval, (2) proceed on assumptions that might be wrong for your project, or (3) perform risky refactors or wire-ups that should be reviewed. If you still want autonomy but with limits, ask the author (or modify the SKILL.md) to add safe-guards: require explicit confirmation before writing to the repo or pushing, produce a proposed plan/patch for review before applying it, never push to remote without approval, and log a clear summary of all changes. If you cannot inspect or control those behaviors, treat this skill as high-risk and avoid enabling it for repositories where unintended changes are unacceptable.

Like a lobster shell, security has layers — review code before you run it.

latestvk9745qpdmn3cfk6e34mzfk4stn81w0gm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments