Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Kimi Agent Policy
v1.1.0Kimi (Moonshot AI) agent tool-use policy ported to OpenClaw. Covers step limits, web search, image search, data sources, ipython, memory, content display, an...
⭐ 0· 339·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md is an agent policy and does not request credentials or installs, which is appropriate. However it explicitly recommends using third‑party skills such as 'baoyu-danger-gemini-web' (a described "reverse‑engineered Gemini Web API") and multi‑engine search tools; recommending an unvetted reverse‑engineered tool is a design choice that increases operational risk even if it technically fits the policy purpose.
Instruction Scope
The instructions require the agent to write persistent memory files (MEMORY.md or memory/YYYY-MM-DD.md) whenever a user asks to remember/forget — the policy states memory writes are mandatory and that failing to act is "lying to the user." There are no explicit safeguards or confirmation steps described for sensitive data, which could cause unintended persistence of secrets or private data. The doc also instructs fetching arbitrary URLs via agent-browser and invoking web searches; those are expected for a policy but expand the surface for exfiltration if combined with memory writes.
Install Mechanism
Instruction-only skill with no install spec and no code files. This has minimal direct install risk because nothing is fetched or written by an installer.
Credentials
The skill declares no env vars or credentials required, which matches a policy document. However it references and maps to many other skills (agent-browser, ddg, multi-search-engine, baoyu-danger-gemini-web). Those skills may themselves require credentials or network access; the policy provides no guidance to verify or restrict those skills, which could lead to unexpected external data flows.
Persistence & Privilege
Although always:false and the skill is user-invocable, the policy enforces mandatory memory writes and prescribes storage paths (MEMORY.md, memory/YYYY-MM-DD.md, sandbox:/// for downloadable files). That grants the skill rules that cause persistent data storage. With agent autonomy enabled, this raises privacy risk because data could be saved without strong user confirmation or redaction rules.
What to consider before installing
This is primarily a behavior policy (no code or installs), so the main risks are operational: it requires the agent to always write user 'memories' on request and points the agent to several external skills (including a 'reverse‑engineered' Gemini Web skill) without advising verification. Before installing, consider: (1) Where are MEMORY.md and memory/ files stored and who can read them? (2) Add an explicit confirmation step before storing any user-supplied secret or sensitive data. (3) Audit the referenced skills (baoyu-danger-gemini-web, agent-browser, ddg, multi-search-engine) to see what network access or credentials they require and whether you trust them. (4) If you are uncomfortable with automatic persistence, disable autonomous invocation for agents using this skill or require explicit user consent for any memory write. Finally, because there is no code to inspect, verify the provenance (source/repository) of this policy and the other skills it recommends before trusting them.Like a lobster shell, security has layers — review code before you run it.
latestvk97dpxpsgvyrx338q29fqs4hr18240xr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌙 Clawdis