ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Homeclaw

v1.0.0

家庭模式智能管家,管理健康监测、学习辅导、宠物照顾、家居控制及日程安排,服务全家人生活需求。

0· 289·2 current·2 all-time
byLeo Sheng@leocryptoflow
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a family AI housekeeper (health monitoring, tutoring, pet care, smart-home control). The declared metadata requests no binaries, env vars, or installs — that is plausible for a high-level, instruction-only skill, but the scope (integrating with wearables, smart home devices, emergency calls) normally requires device APIs/credentials or platform connectors which are not declared. This mismatch is noteworthy but could be explained if the skill relies on the host platform's connectors.
!
Instruction Scope
The SKILL.md content is high-level and does not instruct the agent to read files, access env vars, or call external endpoints directly. However, the regex scanner flagged unicode-control-chars in the SKILL.md, which can be used to hide or reorder text (a prompt-injection technique). Because hidden/obfuscated content could contain runtime directives, this is a significant concern and the raw file bytes should be inspected.
Install Mechanism
No install spec and no code files beyond a package.json and SKILL.md — lowest-risk form (instruction-only). Nothing is written to disk by an installer here.
Credentials
The skill requests no environment variables or credentials. Given its claimed integrations (health devices, smart home, emergency calls), one would normally expect access tokens, API keys, or platform-specific config. Absence of declared credentials could mean: (a) the skill delegates to host platform connectors (acceptable), or (b) the SKILL.md hides instructions for obtaining/accessing secrets (concerning given the unicode-control-chars finding).
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill does not request elevated persistence or modify other skills. Nothing here suggests excessive privilege.
Scan Findings in Context
[unicode-control-chars] unexpected: Control characters are not expected in a plain SKILL.md describing a family assistant. These characters can be used to hide or reorder text (prompt-injection). The visible content is benign, but the presence of such characters means the file should be inspected in raw form to ensure no hidden instructions or credential-exfiltration directives exist.
What to consider before installing
Proceed cautiously. Before installing: (1) ask the author for source/homepage and a clear explanation of how device integrations are implemented and what credentials (if any) will be needed; (2) obtain and inspect the raw SKILL.md bytes (not just rendered text) to confirm there are no hidden characters or obfuscated instructions; (3) do not provide any secrets/credentials until you understand exactly where they will be used and stored; (4) prefer testing in a sandboxed environment and verify the skill truly stores data locally and does not transmit health or personal data externally. If the author cannot explain the unicode-control-chars finding or the lack of required device credentials, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eq258hqhzyfnkgj71gscqpn82ne13
289downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
Leo Sheng@leocryptoflow
latest
Download

HomeClaw - 龙虾管家

一只龙虾,管理一家人。

什么是龙虾管家?

HomeClaw 是家庭模式的 AI 管家系统。与企业团队模式(一人管理多只龙虾)不同,家庭模式是一只龙虾服务全家人

┌─────────────────────────────────────────┐
│              🦞 龙虾管家                 │
│         HomeClaw Family AI              │
├─────────────────────────────────────────┤
│  👶 孩子    👴 老人    👨‍👩‍👧 父母    🐕 宠物  │
│   ↓         ↓          ↓          ↓     │
│ AI硬件   健康设备    智能家居    喂食器   │
└─────────────────────────────────────────┘

核心角色

🏥 家庭医生

  • 老人运动手环数据分析
  • 健康指标追踪与预警
  • 用药提醒与复诊安排
  • 急救联动与紧急呼叫

👨‍🏫 家庭教师

  • 小朋友 AI 学习硬件对接
  • 作业辅导与学习规划
  • 兴趣培养与习惯养成
  • 屏幕时间管理

🐾 家庭宠物管家

  • 智能喂食器控制
  • 宠物健康记录
  • 遛狗提醒与安排

🏠 智能家居中枢

  • 全屋设备统一管理
  • 场景自动化(起床/离家/回家/睡眠)
  • 能耗优化与安防监控

📅 家庭日程官

  • 纪念日提醒(生日/结婚纪念日/节日)
  • 家庭活动规划
  • 接送安排与行程协调

模式对比

维度团队模式家庭模式
结构1人 → 多龙虾1龙虾 → 多人
场景工作协作生活照护
核心效率产出温暖陪伴
数据任务/项目健康/成长/记忆

家庭成员接入

每位家庭成员通过各自设备与龙虾管家对话:

  • 小朋友:AI 学习机、儿童手表
  • 老人:健康手环、智能音箱
  • 父母:手机 App、智能家居面板
  • 全家:客厅智能屏、家庭群聊

使用场景

早晨

🦞: 早上好!爷爷今天血压正常,小明记得带美术作业,
    今天是妈妈生日,已提醒爸爸准备惊喜 🎂

放学后

👶: 龙虾龙虾,今天数学不会做
🦞: 来,我们一起看看这道题...(启动辅导模式)

深夜

🦞 → 爸爸手机: ⚠️ 爷爷心率异常,已持续5分钟,建议查看

隐私与安全

  • 所有数据本地优先存储
  • 家庭成员分级权限
  • 儿童模式内容过滤
  • 健康数据加密保护

HomeClaw — 不是冷冰冰的智能系统,是懂你家的那只龙虾 🦞❤️

Comments

Loading comments...