← 返回 Skills 市场

Huo15 Autoresearch Loop

Name: Huo15 Autoresearch Loop
Author: zhaobod1

作者 Job Zhao · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

166

总下载

当前安装

版本数

在 OpenClaw 中安装

/install huo15-autoresearch-loop

功能描述

基于 Karpathy 自主研究循环的 OpenClaw Skill，Modify → Verify → Keep/Discard → Repeat forever

使用说明 (SKILL.md)

huo15-autoresearch-loop

基于 uditgoenka/autoresearch（Karpathy 自主研究循环）的 OpenClaw Skill 实现。

触发词

自动迭代
autoresearch
跑起来别停
自动循环

功能

实现 Karpathy 的 Modify → Verify → Keep/Discard → Repeat forever 自主研究循环。

核心流程

用户说「自动迭代 [目标] [验证命令]」
初始化状态（目标/验证命令/迭代次数/范围）
循环：
- 修改代码/文件
- 调用验证命令
- 成功 → git commit + 记录
- 失败 → git revert
- 判断是否继续（迭代次数/收敛检测）
输出摘要

使用方式

自动迭代 [目标描述] [验证命令]

示例：

自动迭代 优化性能瓶颈 make test
自动迭代 修复所有lint错误 ./scripts/lint.sh

配置说明

config.json 控制循环行为：

{
  "max_iterations": 50,
  "verify_command": "",
  "scope_globs": ["**/*.py", "**/*.js"],
  "convergence_threshold": 3,
  "commit_each_success": true,
  "revert_on_fail": true
}

非侵入设计

只通过 exec 调用脚本
不修改 OpenClaw 内核
状态持久化在本地文件

状态文件

每次迭代的状态保存在 ~/.openclaw/tmp/autoresearch-loop-state.json：

{
  "goal": "优化性能",
  "verify_command": "make test",
  "iteration": 5,
  "successes": 3,
  "failures": 2,
  "last_success": "2026-04-22T00:30:00Z",
  "history": [...]
}

停止条件

达到 max_iterations
连续失败超过 convergence_threshold
用户发送「停止迭代」
收敛检测（连续 N 次成功）

version

1.0.0

安全使用建议

This skill will run arbitrary shell code (it evals the CLAUDE_TASK content) and will run whatever verification command you supply; it also commits or forcibly reverts/cleans your git working tree. Only run it in a disposable or backed-up repository, or inside a container/VM. Before installing/running: (1) inspect and control the CLAUDE_TASK value the agent will receive; (2) ensure you have backups or an isolated test repo; (3) be aware that python3, git, and timeout must exist on the host; (4) consider disabling commit/revert behavior (or set revert_on_fail/commit_each_success appropriately); (5) note the scripts contain bugs/inconsistencies (e.g., state functions vs. expected 'state' command) — expect unpredictable behavior and test cautiously.

功能分析

Type: OpenClaw Skill Name: huo15-autoresearch-loop Version: 1.0.3 The skill implements an autonomous 'Modify-Verify-Repeat' loop that is inherently high-risk due to its ability to execute arbitrary commands and modify the local filesystem. Significant security vulnerabilities exist in `scripts/loop.sh` (via `eval "$CLAUDE_TASK"`) and `scripts/verify.sh` (via `bash -c "$verify_cmd"`), which allow for arbitrary command execution if the input is not strictly controlled. While these behaviors align with the stated purpose of an autonomous research agent, the lack of input sanitization and the use of powerful shell execution functions make it highly susceptible to exploitation.

能力评估

⚠ Purpose & Capability

The skill's stated purpose (autonomous modify→verify loop) matches the included scripts: it executes modification tasks, runs verification commands, and commits/reverts git. However the SKILL.md claims '非侵入设计' and '只通过 exec 调用脚本', yet the scripts perform potentially destructive git operations (git reset --hard, git clean) and eval arbitrary task content — these behaviors are intrusive by design and should be clearly justified to users.

⚠ Instruction Scope

Runtime instructions and scripts execute arbitrary commands in two ways: eval "$CLAUDE_TASK" (executes whatever is in the CLAUDE_TASK env var) and running user-supplied verify_command with timeout. These let the skill run arbitrary shell code against the repository and system. Scripts read/write ~/.openclaw/tmp state files and call git, python3, and timeout — they also write logs and modify the repo. The SKILL.md does not fully enumerate these execution risks or the need to trust the task content.

✓ Install Mechanism

No install spec (instruction-only with included scripts). This minimizes installer risk because nothing is downloaded during install. The code will be executed when invoked, so runtime behavior (not install) is the main risk.

⚠ Credentials

The skill declares no required env vars but relies on CLAUDE_TASK (checked at runtime) as the mechanism to receive modification instructions. That env var is not declared in metadata and allows arbitrary code execution. The scripts implicitly require git, python3, and timeout binaries but do not declare them. No credentials are requested, which is consistent, but the presence of eval( CLAUDE_TASK ) is a high-risk implicit 'credential'/input point that is not surfaced in metadata.

ℹ Persistence & Privilege

The skill persists state and logs under ~/.openclaw/tmp — this is scoped to the user home and is expected. It does not request 'always: true' or modify other skills. However, it does modify the repository (commits and hard resets) which can permanently change or delete user code if run in a real project.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install huo15-autoresearch-loop
安装完成后，直接呼叫该 Skill 的名称或使用 /huo15-autoresearch-loop 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

No file changes detected for this version. - No updates or changes were made in version 1.0.3. - The skill contents remain identical to the previous version (1.0.2).

v1.0.2

v1.0.2 把本地工作态同步到 clawhub（之前本地版本号落后于 clawhub）

v1.0.1

- Added _meta.json file for skill metadata. - Updated SKILL.md with additional aliases for easier invocation. - No functional changes to core logic.

v1.0.0

Initial release of huo15-autoresearch-loop. - Implements Karpathy’s Modify → Verify → Keep/Discard → Repeat forever autonomous research loop - Supports trigger phrases such as “自动迭代”, “autoresearch”, and “跑起来别停” - Iteratively modifies code, runs verification commands, and automatically commits or reverts based on results - Configurable parameters (iterations, verification command, file scope, convergence threshold) via `config.json` - Saves iteration state and history to a local file for persistence - Provides multiple stop conditions, including max iterations, convergence, and user command

元数据

Slug huo15-autoresearch-loop

版本 1.0.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题