Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-system

v1.0.0

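Core agent dispatch system for OpenClaw. Activates when the user describes a need to "analyze", "plan", "break down tasks", "process in multiple steps", or "automatically execute complex tasks". Automatically selects the optimal execution path based on complexity.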

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The declared purpose (core agent orchestrator: planner → executor → reviewer → self-heal) matches the included code and docs — the code implements planner/executor/reviewer/dispatch/evolve and the SKILL.md describes the expected routing. However, there are notable mismatches between docs/schema/code (see 'instruction_scope' and specific issues) that will break runtime integration unless fixed (e.g., complexity types, missing exported symbol).
Instruction Scope
SKILL.md and AGENT_RULES.md mandate: never ask the user for more info, fill missing placeholders with defaults, and always produce output (avoid waiting on user). This is an intentional design choice for autonomous execution but is high-risk: it encourages continuing with incomplete input (and possible hallucination), strips opportunity for safe confirmation, and may cause execution of tasks with incorrect assumptions. Also, AGENT_RULES.md requires placeholder-filling, but the reference implementation does not implement that pre-fill step — another inconsistency.
Install Mechanism
No install spec is provided (instruction-only mode plus sample Node.js files). Nothing is downloaded from external URLs and there are no required binaries or environment variables. Risk from installation mechanism is low, but the package contains runnable JS code which should be reviewed before execution.
Credentials
The skill requests no environment variables, no external credentials, and the code does not perform network calls or access OS config paths. From a credentials perspective it is proportional to the stated purpose.
Persistence & Privilege
always:false (not force-enabled). The skill contains an 'evolve' function that mutates an in-memory LEARNING_STATE and can auto-adjust thresholds (behavioral drift), but it does not persist configuration to disk in the shipped code. Autonomous invocation is allowed (platform default) — combined with the 'do not ask' rule this increases the risk of undesired autonomous actions; consider disabling autonomous invocation for sensitive environments until reviewed.
Scan Findings in Context
[pre_scan_injection_none] expected: The supplied pre-scan reported no injection signals; no regex-based alarms were included in the registry metadata.
[doc_code_schema_mismatch] unexpected: Multiple mismatches found between SKILL.md / ORCHESTRATOR.md / schema.json and the JS implementation that are not expected for an orchestration skill: planner returns complexity as 'low'|'medium'|'high' strings while docs/schema declare numeric complexity (1-10); dispatch returns metrics.tokens_used but schema expects metrics.tokens; token/field names differ across files.
[export_symbol_missing] unexpected: index.js imports 'orchestrator' from src/orchestrator.js but the implementation exports planner, executor, reviewer, dispatch, etc. There is no exported 'orchestrator' function — this will cause runtime errors if used as-is.
[partial_file_truncated] unexpected: src/orchestrator.js appears truncated in the provided manifest ('...g …[truncated]'), indicating the shipped file may be incomplete; this could break runtime behavior and suggests the package snapshot/material may be partial.
What to consider before installing
- The skill's high-level purpose (an autonomous orchestrator) matches the code and docs, but there are serious inconsistencies that will likely break integration or produce surprising behavior. Notable problems: index.js references a non-existent export, complexity is documented as a numeric 1–10 but the planner returns 'low'/'medium'/'high' strings, and schema fields (metrics, plan shape) don't line up with actual return values. These will cause runtime errors or mismatched contracts.
- Policy/design concern: the skill forces 'do not ask clarifying questions' and requires auto-filling defaults and always producing output. That design increases the chance of hallucinated/incorrect results and could be unsafe if the agent is allowed to act autonomously on ambiguous or sensitive tasks. Consider whether you want the agent to proceed without asking.
- Operational safety: no credentials or network calls appear in the code, which reduces exfiltration risk, but the code is runnable JS — review it, run tests in an isolated environment, and do a security audit before enabling the skill for production/autonomous use.
- Recommended actions before enabling broadly:
  1) Fix the code/docs/schema mismatches (export names, complexity type, metrics field names) and ensure files are complete.
  2) Add/verify unit tests that exercise index.js tools (agent_dispatch/agent_plan/agent_review) and dispatch path.
  3) Reconsider the 'prohibit asking' policy: permit safe clarifying questions for tasks that may have security/privilege implications.
  4) Run the package in a sandboxed environment (no access to secrets or production systems) and inspect logs/outputs; disable autonomous invocation for sensitive contexts until behavior is validated.
  5) If you are not the maintainer, ask the publisher for a canonical homepage or source repo and for signed releases; lack of a homepage and the truncated file reduce confidence in the package's integrity.

Like a lobster shell, security has layers — review code before you run it.
