伐谋 - 实验管理
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches FaMou experiment management, but it can delete and resubmit experiments without a clear confirmation step and stores an API key locally.
Before installing, verify the famou-sdk source, use a limited FaMou API key, and tell the agent to ask before changing files, deleting or canceling experiments, or resubmitting failed runs. Review the selected experiment directory before upload.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A failed experiment could be deleted and rerun, and local experiment files could be changed, without the user separately approving those high-impact actions.
The workflow directs the agent to modify experiment components, delete a failed remote experiment, and resubmit it after status polling, but does not require explicit user approval or define retry/rollback boundaries.
- 实验失败:修复评估器和初始解,删除失败的实验,重新提交
Require explicit confirmation before editing files, canceling/deleting experiments, or resubmitting; also define retry limits and make destructive actions reversible where possible.
Anyone with access to that local settings file may be able to use the configured FaMou account permissions.
The helper stores the supplied FaMou API key persistently in a local settings file. The use is purpose-aligned and output is masked, but it is still credential handling.
SETTINGS_PATH = os.path.expanduser("~/.famou-ctl/settings.json") ... "api_key": api_key.strip()Use a least-privilege API key, protect local file permissions, rotate the key if exposed, and prefer a secure credential store if available.
Installing the SDK runs third-party package code in the user's Python environment.
The skill instructs installation of an unpinned SDK package, with a fallback that allows pre-release packages from a private index. This is central to the skill purpose, but it creates supply-chain trust requirements.
若命令未找到,执行安装:`pip install famou-sdk`; 备用安装连接:`pip install famou-sdk -i https://pip.baidu-int.com/simple --pre`
Verify the package source, pin a trusted version where possible, and install in an isolated environment.