Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Auto Skill Loader
v2.0.1自动检测当前任务类型,动态加载对应的 Skill。当收到新任务时,分析任务意图, 匹配最佳 Skill 并自动加载。支持 Skill 分级保护(core/protected/dynamic), 即插即用零配置,兼容任何 OpenClaw 部署。 触发词:"自动加载skill"、"动态加载"、"智能匹配skill"...
⭐ 0· 136·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description claim dynamic discovery and loading of Skills; the code and SKILL.md implement filesystem scanning, frontmatter parsing, level resolution (core/protected/dynamic), and loadable lists. No unrelated credentials, binaries, or external services are requested — behaviour aligns with the stated purpose.
Instruction Scope
SKILL.md and the implementation read SKILL.md frontmatter across workspace, home, and OpenClaw install directories, and (per Step 5) will read full SKILL.md and may load scripts/resources under a Skill's directory. This is coherent for a loader, but it means the loader can cause execution or use of arbitrary code/assets from other Skills without additional explicit user confirmation (protected Skills are flagged but 'dynamic' Skills can be auto-loaded). The SKILL.md also describes calling agents_list / sessions_send for routing — reasonable for routing but broad in scope.
Install Mechanism
No install spec; instruction-only with included small JS files. No downloads from remote hosts, no package installs. The included scripts are lightweight and zero-dependency; nothing in the manifest indicates an installer that writes/executes remote code during install.
Credentials
No credentials or secret environment variables are requested. The code reads a few environment variables (OPENCLAW_HOME, OPENCLAW_WORKSPACE) and enumerates standard user and install directories — appropriate for discovering Skills. There is no disproportionate credential access.
Persistence & Privilege
The skill is not forced 'always:true' and uses default autonomous invocation settings. However, because it can autonomously detect intents and load other Skills (including executing their scripts/resources), enabling it increases the agent's runtime blast radius: a malicious or buggy Skill discovered by this loader could be loaded without further user interaction unless controls (protected/core/skip lists, dryRun, or config) are used.
Assessment
This skill does what it says — it scans your workspace, user and OpenClaw install directories for SKILL.md files and can automatically load other Skills. That capability is useful but powerful: before enabling, review the Skills present in the scanned directories (especially any third‑party or recently added ones), consider adding sensitive Skill names to coreSkills or skipSkills, test with dryRun mode, and disable routing if you don't want automatic agent-to-agent forwarding. If you allow this skill, only install Skills from trusted sources and periodically inspect any scripts/ resources under other Skill directories because the loader may cause them to be executed at runtime.Like a lobster shell, security has layers — review code before you run it.
agentvk975n3kh6s5hf2gw1bvtdcnepd837f6mauto-loadvk975n3kh6s5hf2gw1bvtdcnepd837f6mdynamicvk975n3kh6s5hf2gw1bvtdcnepd837f6mlatestvk975n3kh6s5hf2gw1bvtdcnepd837f6mopenclawvk975n3kh6s5hf2gw1bvtdcnepd837f6mroutingvk975n3kh6s5hf2gw1bvtdcnepd837f6mskillvk975n3kh6s5hf2gw1bvtdcnepd837f6m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.