SkillTree

v1.1.0

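Automatically analyzes conversation history, recommends a class and growth direction, gives real-time feedback on ability evolution, and helps improve efficiency, sense of companionship, and professionalism.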

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes an agent-personalization feature (analyze chat history, recommend a class/path, save profiles/snapshots). That purpose reasonably requires reading/writing its own storage (evolution/profile.json, snapshots.json). However, the skill's registry metadata declares no required config paths, no storage, and no credentials; this mismatch (instructions expect persistent filesystem access but the skill does not declare it) is an inconsistency the user should notice. The README mentions sharing to 'Moltbook' but no credentials or endpoints are declared.
Instruction Scope
The runtime instructions explicitly tell the agent to analyze the last ~50 messages, extract features, recommend classes/paths, and read/write JSON files under an 'evolution' directory (save_snapshot/rollback). Those file and persistence operations are outside the declared requirements. The SKILL.md also contains templates referring to sharing (Moltbook) and to auto-trigger on activation. Additionally, the pre-scan flagged 'unicode-control-chars' inside SKILL.md — this can be used to hide or obfuscate instructions and is a prompt-injection signal; it increases risk that some instruction text might try to manipulate agent behavior.
Install Mechanism
Instruction-only skill (no install spec, no code files executed at install). This is lower-risk from a supply-chain and remote-code-download perspective. The repo contains many markdown files describing behavior but no binaries or download/install steps.
Credentials
The skill declares no environment variables or primary credential (good), yet the instructions reference sharing to Moltbook and storing persistent profiles. If sharing were implemented, credentials would be needed — none are requested. The absence of declared credentials combined with instructions that imply external posting is a mild inconsistency to be aware of.
Persistence & Privilege
The skill's logic saves snapshots and profile state to evolution/*.json, meaning it expects persistent storage and will alter files in workspace. It does not request 'always:true' and does not claim elevated system privileges, which is appropriate. Still, persistence plus an undetected prompt-injection artifact raises the blast radius if the agent is allowed autonomous actions.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md was flagged for unicode control characters. For a plain documentation/instruction skill this is unusual: such characters are sometimes used to obfuscate or hide text (prompt-injection). The rest of the content is human-readable, but the presence of control characters merits manual inspection of the source files before enabling automatic activation.
What to consider before installing
- Inspect the SKILL.md/README files locally for hidden characters (some editors can show control characters). The pre-scan flagged unicode-control-chars, which can hide instructions.
- The skill saves and reads files under evolution/*.json (profile and snapshots). Decide whether you want a skill that persists personality/state on disk and confirm where it will write (workspace permissions).
- The skill mentions sharing cards (Moltbook) but declares no credentials. If you allow posting, require explicit consent and review what data would be posted and to which endpoint.
- Because it auto-activates on first run (checks for evolution/profile.json), consider disabling auto-run or requiring explicit 'Activate SkillTree' confirmation in your agent before it analyzes chat history or writes files.
- If you lack trust, run this skill in a sandboxed agent (limited filesystem access) or open the markdown and remove suspicious control characters and the auto-activation line before installing.
- If you want to proceed, ask the maintainer to: (1) declare the config/storage paths in metadata, (2) remove/justify any control characters, and (3) require explicit user confirmation before saving/restoring snapshots or posting externally.


latestvk973bzp0kfttjfakyf4tsyppcs80s7pp
