Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Exponential Growth System
v1.0.0AI Agent 指数级成长系统 - 从"解决问题"到"固化能力"的完整方法论。包含工具决策、错误模式库、知识固化、能力产品化的系统化流程。
⭐ 0· 98·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md describes a full workflow (record_solution, create_skill, generate reports, publish to ClawHub, many helper scripts). The codebase only includes init_growth_system.js and update_evolution.js; many scripts referenced in the instructions (record_solution.js, create_skill.js, generate_evolution_report.js, etc.) are missing. The declared requirements (Node.js, no env vars) do not account for external services mentioned (ScraperAPI, ClawHub). This is an incoherence between claimed capabilities and delivered artifacts.
Instruction Scope
Runtime instructions direct the agent/user to run many node scripts and to publish to ClawHub. The included scripts perform only local filesystem writes (creating .learnings and EVOLUTION.md). Instructions mention external services (ScraperAPI, clawhub publish) but provide no guidance or declared env vars for credentials. Also several invoked scripts referenced in SKILL.md are absent, so following the instructions will fail or require manual implementation.
Install Mechanism
There is no install spec (instruction-only / local JS files) and package.json only declares simple npm metadata and scripts. No remote downloads, no extracted archives, and the included code uses only core Node fs operations. Low install mechanism risk.
Credentials
The skill declares no required environment variables, yet the documentation examples reference third-party services (ScraperAPI) and a publish command (clawhub) that typically require API keys/tokens. That mismatch means the skill either omits necessary credential handling (oversight) or expects the agent/user to supply secrets implicitly (risk). No credentials are requested or constrained in metadata.
Persistence & Privilege
The skill is not forced-always and does not request elevated privileges. The included scripts only create files inside the working directory and do not modify other skills or global system settings. Default autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
What to consider before installing
This package documents a large, end-to-end system but only includes two simple local scripts. Before installing or running anything: 1) inspect repository files yourself (you already have init_growth_system.js and update_evolution.js—these only write local markdown files). 2) Do not run unknown scripts as root; run them in a sandboxed environment or throwaway VM. 3) Ask the publisher for the missing scripts referenced in SKILL.md or treat the package as incomplete. 4) Expect that publishing steps (clawhub publish) and integrations (ScraperAPI) will require API keys—do not supply credentials until you verify where and how they are used. 5) If you need the full described functionality, request the missing code and a clear explanation of any network calls or credential usage; otherwise treat this as a lightweight local note-taking/init tool rather than the full "exponential growth" system described.Like a lobster shell, security has layers — review code before you run it.
latestvk977b7b6n63atjpz60jrntdhd5839jsz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.