Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Adaptive Skill Stack
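v1.0.0
Adaptive skill-stacking skill: a meta-skill that evolves in real time according to user needs. On each use it automatically analyzes the request, stacks existing capabilities or builds entirely new capability instances, and after completing the task writes the newly acquired capabilities to its reference files to achieve continuous evolution. This skill's own SKILL.md is never modified, but it may freely rewrite its own reference files, scripts, and resource files. File protection has four levels: SKILL.md must never be touched, structural scripts and format contracts only with user auth...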
by 波动几何 @wangjiaocheng
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a meta-skill that adapts by composing or creating capabilities and persisting them to files. The included capability-tracker.py and the references/ and assets/ manifests align with that purpose. Asking to read and append to a local capability registry and protocols file is coherent with the described function.
Instruction Scope
SKILL.md explicitly requires the agent to read and append structured entries to references/capability-registry.md and to update references/protocols.md and to save reusable resources into assets/ or scripts/ after every task. That gives the agent broad discretion to create new scripts and templates in the skill directory; while limited to the skill folder, this is persistent state and is executed/used across runs. There are no instructions to access external secrets or unrelated system files, but the 'must write after each task' rule is prescriptive and could cause unexpected accumulation of code and resources.
Install Mechanism
No install spec and no downloads or external package installs; the skill is instruction + a small local Python script. This is the lowest-risk install mechanism.
Credentials
The skill declares no required environment variables, credentials, or config paths. All file access is limited to files inside the skill directory (references/, scripts/, assets/), which is proportionate to its stated purpose.
Persistence & Privilege
The skill is explicitly designed to persist new capabilities, scripts, templates and knowledge by writing files into its directory after task completion. While writing its own files is allowed and coherent with the purpose, this creates a persistent, self-modifying capability: the agent can accumulate new executable scripts (scripts/*.py) and templates that may be used in future runs. Because the agent is allowed to invoke the skill autonomously (disable-model-invocation=false by default), that persistence expands the blast radius if the agent is later permitted to run generated scripts or load generated resources without human review.
What to consider before installing
This skill is coherent with its description (it keeps a registry and writes new capability entries and resources to disk). The main risk is persistence: after each task it will append to its registry and may create new scripts/templates inside the skill folder, effectively evolving its behavior across runs. Before installing or enabling autonomous invocation, consider:
- Run the skill in a sandbox or restricted environment where the skill directory is isolated and has no access to sensitive files or networked mounts.
- Disable autonomous invocation or require explicit user confirmation before the agent performs file writes or executes any newly created scripts.
- Audit and review any files created under references/, scripts/, and assets/ after each run; especially inspect new scripts (*.py) and templates before allowing them to execute.
- If you need stronger guarantees, make the capability-registry and protocols files read-only by default and require an explicit manual 'commit' step to accept suggested changes.
Confidence is medium because the skill's behavior is internally consistent, but the persistence/self-modifying pattern raises non-negligible operational risk that depends on runtime governance (sandboxing, manual review, agent invocation policy).
Like a lobster shell, security has layers: review code before you run it.
