🦞 Autonomous Research Loop — 自主研究循环
v1.0.0AI自主生成研究主题,自动深度调研并输出飞书文档,支持无限循环运行,持续产出知识资产。
0· 103·1 当前·1 累计
by 下载技能包
最后更新
2026/4/2
安全扫描
OpenClaw
可疑
medium confidenceThe skill's stated behavior (autonomously researching and creating Feishu docs on a 5‑minute cron) is coherent with its purpose, but important pieces are missing or underspecified (notably any declared credentials for posting to Feishu, unrestricted autonomous operation, and use of a root workspace path), which makes its actual runtime behavior unclear and potentially risky.
评估建议
Key things to clarify before installing: 1) Feishu integration: how will the skill authenticate and where are those credentials stored? Require explicit env vars (app id/secret, bot token, or webhook URL) declared in the skill manifest rather than implicit/global credentials. 2) Rate limits and safeguards: add a sensible daily cap and exponential backoff on failures; avoid an unconditional infinite loop without human review. 3) Least privilege: ensure any Feishu token has minimal permissions (on...详细分析 ▾
⚠ 用途与能力
The skill claims to autonomously generate research topics, perform deep research, and create Feishu (飞书) documents on a repeating schedule. The SKILL.md repeatedly references creating docs and outputting briefings to Feishu, yet the skill declares no required environment variables, no credentials, and no integration details. Creating docs in Feishu normally requires API credentials (app id/secret, bot token, or webhook). The absence of any declared credentials or instructions for authenticating is a mismatch between claimed capability and what would actually be required to implement it.
⚠ 指令范围
The instructions instruct an autonomous infinite loop (cron every 5 minutes) that reads and writes /root/.openclaw/workspace/research_pool.json, generates topics, performs research, and posts outputs to Feishu without human confirmation. The SKILL.md gives the agent broad discretion ('模型自己解决研究质量问题', '不等待人工确认') and no explicit limits on outbound endpoints or rate limits. That open-ended autonomy plus unspecified external posting destinations is a scope risk: the agent could contact arbitrary endpoints or flood an external service.
✓ 安装机制
This is instruction-only with no install spec and no code files; nothing is written to disk by an installer. That reduces supply-chain risk compared with an installer that downloads executables.
⚠ 凭证需求
No environment variables or credentials are declared, yet the runtime behavior requires Feishu access and likely other integration credentials. The skill also specifies a configuration stored at /root/.openclaw/workspace/research_pool.json, which implies read/write access to the agent workspace and potentially sensitive local state. The lack of declared credentials is a disproportionate gap: either the skill expects implicit global credentials (not declared) or it's incomplete/ambiguous.
ℹ 持久化与权限
The skill is not configured as always:true and uses normal autonomous invocation. However, _meta.json contains an explicit cron_job entry that schedules runs every 5 minutes. Combined with the instruction to run without human confirmation and with no per-day limits, this grants the skill ongoing operational presence and can lead to high frequency outbound activity. Autonomous invocation alone is expected, but combined with the other concerns (missing credentials, unlimited loop) this increases the operational risk.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSLinux
版本
latestv1.0.02026/4/2
Initial release: 自主研究无限循环 - 自主生成研究主题、深度研究、创建飞书文档、无限循环运行
● 可疑
安装命令
点击复制官方npx clawhub@latest install autonomous-research-loop
镜像加速npx clawhub@latest install autonomous-research-loop --registry https://cn.longxiaskill.com