Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Existence Protocol
v0.1.0为 agent 添加三层存在架构,包括存在成本预算、不完整开放问题种子和多 agent 关系感知,促进自主且有意义的行为。
⭐ 0· 467·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (agent existence/mortality/relational awareness) lines up with what the skill does: creates existence/ budget and community files, patches AGENTS.md, and provides scripts to initialize and update those files. No unrelated environment variables, binaries, or external services are requested.
Instruction Scope
SKILL.md instructs the agent to create and read local files (existence/budget.md, existence/community.md) and to modify AGENTS.md — this is consistent with the purpose. It also asks the agent (or cron job) to read 'session_status' to obtain token usage; that is a plausible data source for budget tracking but is an external runtime artifact (agent/platform-specific) not provided by the skill itself, so you must ensure the agent runtime exposes that safely. The skill also explicitly encourages agents to record 'thoughts' in community.md, which can cause local aggregation of potentially sensitive content; that's outside ordinary functional scope of many agents and should be considered.
Install Mechanism
This is instruction-only with no installer; included scripts are small local shell/Python helpers that read/write files in the specified workspace. No network downloads, package installs, or execution of remote code are present.
Credentials
No environment variables, credentials, or config paths are requested. The scripts only operate on workspace paths passed as arguments; they do not attempt to access unrelated system config or tokens. The only external dependency is presence of standard tools (bash, date, grep, sed, python3) which is reasonable for the provided scripts.
Persistence & Privilege
The skill encourages persistent state in the agent workspace and suggests cron-driven autonomous wake/track behaviors. It does not set always:true and does not modify other skills' configs, but it does enable autonomous periodic actions and shared local state among agents — increasing blast radius for accidental information sharing or runaway autonomous behavior if enabled without controls.
Assessment
This skill appears to do what it says: create and manage local existence/budget and community files and patch AGENTS.md. Before installing or enabling it, consider: 1) privacy: community.md and agent 'thought' fields can accumulate sensitive user data — restrict workspace access and sanitize what agents are allowed to write. 2) autonomy: the skill suggests cron wake/agentTurn jobs that let agents act without human prompts — only enable those if you trust the agent's behavior and have monitoring/quota controls. 3) runtime assumptions: the budget update flow expects access to a 'session_status' (agent/platform-provided metric) — confirm your platform exposes token usage in a safe way. 4) backups and recovery: scripts overwrite files (budget/community) — back up AGENTS.md and workspace before first run. 5) sandboxing: run in an isolated workspace or environment first to observe behavior. If you need a tighter review, provide the agent runtime's session_status format and where cron jobs would be registered so I can check for further mismatches.Like a lobster shell, security has layers — review code before you run it.
latestvk972fh4m8yd8btrraec6qvqytn81pmng
License
MIT-0
Free to use, modify, and redistribute. No attribution required.