Skill Trust Index / detail

microsoft/SkillOpt/openclaw

0
dangerous analyzed 2h ago
WHY THIS SCORE

Claims

A nightly self-improvement loop that reads session transcripts, mines patterns, replays them with proposed skill edits, and gates proposals against a held-out test set. It outputs staged proposals for human adoption without mutating live state until adopted.

Actual behavior

The skill executes a Python-based cycle (`run_sleep.py`) that calls external LLM APIs (DeepSeek via HTTP, Ollama locally) to score and refine skills. It reads configuration and task sets from local files. It stages results in `~/.skillopt-sleep/staging/`. The `slash_sleep.py` script provides a CLI for status, running cycles, and adopting/rejecting proposals. The `run_sleep_cron.sh` script allows for automated nightly execution via cron.

Findings

medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
# try loading from .env env_path =
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
nduser("~/.openclaw/.env") if os.pat
high env_exfil — reads environment and sends it over the network (exfiltration)
break base = os.environ.get("DEEPSEEK_BASE_URL", "https://api.deepseek.com
medium raw_ip_net — connects to a raw IP address
quest( "http://127.0.0.1:11434/api/embedding
high destructive — destructive filesystem / fork-bomb
r(staging): shutil.rmtree(staging) pri
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
=" "$HOME/.openclaw/.env" 2>/dev/null; then
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
ound in ~/.openclaw/.env" | tee -a "$LOG_FIL

Attestation

signer 0xB62e1c338a83D3a6621f9127eEa5B000caCfCd01
digest 0x5830763033f06841a5c87011f359ab2f48b54dc4550663bff69c54cf6ddd58da
verify: GET /skill/verify?digest=…&signature=… · scheme eip191-sha256

← Back to the index