Loki Mode by Autonomi. Autonomous spec-to-product system: takes a PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief to a deployed app via the RARV-C closure loop with 8 quality gates. Provider-agnostic (Claude Code, OpenAI Codex, Cline, Aider).
- capability exposureinferred+35
- recent driftinferred+12
- tool safetyinferred+12
- trust mitigatorsmixed−3
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 16m ago · see ecosystem CVEs →
No known CVEs for this server.
- highdangerous code
suspicious bundled script in 4 file(s)
analyzed v7.57.0 · analyzer v18 · 2h ago
skills & prompt files 4
- skillpackage/SKILL.md
- skillpackage/integrations/openclaw/SKILL.md
- agent-rulespackage/references/agents.md
- agent-rulespackage/skills/agents.md
danger signals4
- suspicious bundled scriptsuspicious bundled scriptpackage/autonomy/lib/claude-flags.sh:528
# curl|bash path delegates to `npx -y github:JuliusBrussee/caveman#<ref>`. We - suspicious bundled scriptsuspicious bundled scriptpackage/autonomy/run.sh:523
eval "$(_LOKI_SETTINGS_FILE="$settings_file" python3 -c " - suspicious bundled scriptsuspicious bundled scriptpackage/autonomy/sandbox.sh:189
log_error " Linux: curl -fsSL https://get.docker.com | sh" - suspicious bundled scriptsuspicious bundled scriptpackage/autonomy/serve.sh:125
echo " curl -fsSL https://deno.land/install.sh | sh"
- recent drift+12 capability drift →
[](https://mcpobservatory.com/servers/npm:loki-mode/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of asklokesh.