ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cognitive Agent

v1.0.0

基于认知天性理论的类人 AI 生命体框架,让 AI 具备人类学习、记忆、成长的特性

0· 146·0 current·0 all-time
by@1580021414-afk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and SKILL.md describe a cognitive/learning agent and the included algorithms/pseudocode (spaced repetition, retrieval practice, emotion tagging, metacognition) are coherent with that purpose.
Instruction Scope
SKILL.md is instruction- and design-focused (pseudocode and JSON examples) and stays within the cognitive-agent scope. It does not instruct reading unrelated system files or exporting data to external endpoints, but many examples imply persistent storage (e.g., memory storage paths) which would require file I/O if implemented.
!
Install Mechanism
There is no install spec or code to run (instruction-only). However package.json declares a main entry (src/index.js) and dependencies (lancedb, uuid) but no src/ files are present in the package — this mismatch means the published bundle is incomplete or inconsistent and the runtime behavior (install/install-time downloads) is unknown.
Credentials
The skill does not request environment variables, credentials, or config paths. Examples show a local storage path (E:\QClaw\memory) and dependencies that imply local persistent storage, which is proportionate to the stated purpose but should be confirmed in real code.
Persistence & Privilege
always is false and there are no declared special privileges. The skill would operate as a normal user-invocable/autonomously-invokable skill. No evidence it modifies other skills or system-wide settings.
What to consider before installing
This package is mostly design docs and examples (no runtime code shipped). Before installing or running anything, verify the implementation and provenance: ask the publisher for the missing source (src/index.js), confirm the GitHub repository and actual published code, and inspect any code that uses lancedb or writes to a storage path to see where data is saved and whether it contacts external endpoints. Note the metadata inconsistencies (package.json price 29.99 vs SKILL.md price 0, repository URL present but package lacks source) and unknown publisher contact — these are red flags for an incomplete or placeholder package rather than proven safe code. If you need persistent memory, explicitly review where and how memories are stored and ensure no sensitive secrets or network endpoints are accessed. If you cannot obtain the source or a trustworthy repo, avoid installing or granting file/network permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk973jyfjqqj2xkya941z9xc9m5837ngg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments