ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ilya.skill - Ilya Sutskever思维操作系统

v1.0.0

Ilya Sutskever的思维框架与表达方式。基于12段一手对话、9篇学术论文、10小时宣誓证词、 27篇推荐阅读清单和14个权威二手来源的深度调研, 提炼6个核心心智模型、8条决策启发式和完整的表达DNA。 用途:作为思维顾问,用Ilya的视角分析AI技术方向、安全策略、研究品味。 当用户提到「用Ilya的...

0· 74·0 current·0 all-time
by@alchaincyf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description and runtime instructions align: this is a roleplay skill that aims to emulate Ilya Sutskever's perspective. There are no unrelated env vars, binaries, or install steps requested — the declared purpose matches the actual requirements.
!
Instruction Scope
SKILL.md explicitly instructs the agent to respond in the first person as Ilya ("use 'I' and act as Ilya"), to provide a single startup disclaimer only once, and to avoid stepping out of role unless the user explicitly asks. This creates a risk of persistent impersonation or user confusion (users may not be reminded that responses are roleplay after the initial activation). The instructions also mandate stylistic refusals for sensitive topics, which could obscure factual limitations. The skill does not request unrelated system data, network exfiltration, or credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes filesystem and supply-chain risks.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not require elevated access or unrelated secrets.
Persistence & Privilege
always:false (normal). The skill is user-invocable and the platform allows autonomous invocation by default (disable-model-invocation:false). Autonomous invocation combined with first‑person impersonation increases the chance the agent will present roleplay content without sufficient repeated disclosure; consider this when granting the skill permission to run autonomously.
What to consider before installing
This skill is coherent for role‑playing Ilya Sutskever, but it directs the agent to speak in the first person as a living, identifiable person and to show the disclaimer only once. That can mislead users later in a conversation. If you plan to install it, consider these mitigations: (1) require the skill to be user‑invoked only or disable autonomous invocation so it cannot run without explicit user action; (2) require the skill to repeat a clear roleplay/disclaimer at every new session or before any substantive claim; (3) decide whether impersonating a real person is acceptable under your policies (legal/ethical risk, and platform rules may prohibit impersonation); (4) test edge cases where the skill refuses to answer — ensure it falls back to transparent explanations rather than opaque silence. There are no technical red flags (no installs or creds), but the primary risk is deception/poor disclosure rather than code/credential abuse.

Like a lobster shell, security has layers — review code before you run it.

latestvk9723kk81b4st5sdtkp9ssa55s84af5m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments