Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
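建筑学长 AI Workflow
v1.0.0
Built on the AI capabilities of the official 建筑学长 website, this skill sets up a fully automated, start-to-finish workflow for interior design proposals, integrating inspiration gathering, AI image generation, PPT generation, and budget estimation. Use it when you need to map out an AI workflow for a design proposal, test that the full pipeline runs end to end, or use 建筑学长's AI capabilities.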
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's purpose is to automate an end-to-end interior design workflow (download images, auto-download generated AI outputs, schedule daily fetches, generate PPTs, write files to desktop). However, the package is instruction-only with no install steps, no required binaries, and no declared access to run background/scheduled tasks or browser automation tools. That mismatch (big automated promises but no mechanism or required capabilities declared) is a red flag.
Instruction Scope
SKILL.md instructs the agent to '自动打开浏览器' (automatically open the browser), '自动下载所有效果图' (automatically download all renderings), perform '每日定时任务自动下载' (automatic downloads via a daily scheduled task), create project folders and write files to the desktop, and '调用「设计方案PPT自动生成器」' (invoke the "Design Proposal PPT Auto-Generator"). All of these are operational actions that involve the filesystem, web interaction, and scheduling. The instructions are high-level and vague about how to authenticate to the external site, how to perform downloads, what endpoints/tools are used, and what data is collected or retained. That grants broad discretion and invites scope creep without boundaries.
Install Mechanism
There is no install spec and no code files — lowest install risk. Because this is instruction-only, nothing will be automatically downloaded or written by the skill package itself.
Credentials
The skill requests no environment variables or credentials in metadata, which is proportionate on the surface. However, the runtime instructions implicitly require access to user sessions/account on the 建筑学长 website (to upload and later download generated images) and possibly local filesystem and browser automation. Those capabilities are not declared, so there is an unspoken requirement that could lead to the agent requesting sensitive access at runtime.
Persistence & Privilege
always:false (good). But SKILL.md repeatedly mentions persistent behaviors (daily scheduled downloads, automatic background tasks). As distributed, instruction-only content cannot itself create persistent background jobs; if the agent is later granted the ability to schedule tasks or run continuously, that would expand privilege. The skill does not request persistent inclusion, so the persistent behavior described is aspirational/vague.
What to consider before installing
This skill reads like a product spec promising full automation, but it contains only high-level instructions and no implementation. Before installing or enabling it, ask the author: (1) exactly how will browser automation and downloads be performed — does it require you to install a headless browser, a local agent, or give the AI remote control of your browser? (2) Will it set up scheduled/background tasks (cron, Windows Task Scheduler, or a hosted service)? (3) Where will files be stored (paths) and will the agent ask before writing to desktop or other folders? (4) Does it need a login/session/cookie for 建筑学长, and how are those credentials handled? (5) What external endpoints or third‑party services (e.g., PPT generator, image sources) will it call, and are those trusted? If you plan to try it: run it in a sandbox or test account, do not grant broad filesystem or browser control without confirmation, and verify any automatic download/scheduling behavior first. The lack of technical detail is the main risk — it could be benign guidance for a human operator, or it could be a plan that expects elevated automation privileges that you should not grant lightly.
Like a lobster shell, security has layers — review code before you run it.
