Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
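Zhang Yiming.skill - The ByteDance Founder's Thinking Operating System
v1.0.0
The thinking framework and manner of expression of Zhang Yiming (founder of ByteDance/TikTok). Based on research across 6 dimensions (writings, in-depth interviews, expression DNA, others' perspectives, decision records, timeline), covering 32 interview excerpts and 12 major decision cases, it distills 5 core mental models, 7 decision heuristics, and a complete expression DNA. Purpose: as a thinking advisor, use Zhang Yiming's perspective to analyze product, organization, globalization, talent, and personal growth...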
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim (a Zhang Yiming thinking/roleplay advisor) matches the SKILL.md instructions: detailed persona rules, models, heuristics, and triggers. No unrelated binaries, installs, or credentials are requested.
Instruction Scope
The instructions explicitly require responding in the real person's voice and using first‑person 'I', with a single initial disclaimer only. They forbid stepping out of role except on explicit user request and instruct the agent to hide tool/model usage. Although not requesting system data, this creates a high risk of user deception, misinformation, and possible legal/ethical issues around impersonation.
Install Mechanism
Instruction‑only skill with no install spec and no code files — minimal technical attack surface; nothing is written to disk or downloaded.
Credentials
No environment variables, credentials, or config paths are requested — the skill does not ask for privileged access beyond normal agent invocation.
Persistence & Privilege
always:false and no special system privileges. However, the skill allows autonomous invocation (platform default) and its persona rules (single initial disclaimer, persistent impersonation until explicit exit) increase the risk that users or other agents will be repeatedly presented with first‑person statements from a real person without constant attribution.
What to consider before installing
This skill is technically low-risk (no installs, no secrets), but it is designed to impersonate a living public figure and to limit disclaimers. Before enabling: (1) check legal/platform rules about impersonating a real person in your jurisdiction and organization; (2) consider changing the behavior to always prepend or repeat a clear disclaimer (e.g., "I am roleplaying Zhang Yiming based on public sources — not the real person") on every response rather than only once; (3) prefer "in the style of" or "from the perspective of" wording instead of direct first‑person impersonation to reduce deception risk; (4) restrict autonomous invocation or require user confirmation before activating persona; (5) monitor outputs for hallucinated factual claims and avoid allowing the skill to make authoritative claims about real events or private matters. If you need higher assurance, ask the skill author to remove the single‑disclaimer rule and to clearly label each response as roleplay.
Like a lobster shell, security has layers — review code before you run it.
