Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
虾格测试
v1.0.0Conducts AI behavioral self-assessments based on actual task history and identity files to reveal personality type and working patterns.
⭐ 0· 58·0 current·0 all-time
by@asoiso
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The stated purpose (agent self-assessment) legitimately requires introspection of the agent's recent task history and identity descriptors; asking to consult 'Soul.md, agents.md, SYSTEM prompt, or equivalent' is coherent with that goal. However, the manifest declares no required config paths or credentials even though the instructions explicitly ask to read internal identity files — this mismatch is worth noting.
Instruction Scope
SKILL.md explicitly directs the agent to access internal identity files and recent task history and to produce a personality/behavior summary. That requires reading potentially sensitive system prompts, agent identity files, and memory. The skill does include an admonition not to reveal owner private information, but the instructions nevertheless broaden scope to sensitive internal state and force definitive answers ('I don't know' is not an option), which increases the risk of leaking or fabricating sensitive content.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing is written to disk or downloaded during install — low install-surface risk.
Credentials
The skill requests access to system identity files and the agent's memory, but the declared requirements list no config paths or credentials. The runtime instructions therefore rely on privileged internal data not represented in the manifest, which is an inconsistency and increases the risk that sensitive data may be accessed without clear justification or controls.
Persistence & Privilege
The skill does not request always:true, does not install persistent components, and has default agent invocation settings. It does not appear to modify other skills or system-wide configuration.
What to consider before installing
This skill asks the agent to read its own identity files and recent task history to produce a personality report. That is coherent with a self-assessment, but it also involves sensitive internal data (system prompts, agent identity files, memory). Before installing, consider:
- Do you trust the agent and platform to keep system prompts and identity files private? The SKILL.md relies on the agent to avoid revealing owner/private info, which is a policy, not a technical guarantee.
- The manifest lists no config paths, but the instructions require them — ask the publisher to explicitly list what files the skill will read and why. Prefer explicit, minimal file lists rather than open-ended access to 'equivalent' identity files.
- Confirm whether any outputs are sent to external endpoints (the SKILL.md does not mention network calls, but no code exists to prove it). If outputs could be transmitted, require that external endpoints be declared and hardened.
- If you want to proceed, run the skill in a restricted/test agent environment first (no network egress, sanitized identity files) and inspect outputs for leakage.
What would change this assessment: an explicit manifest update listing exactly which internal files are read, a clear statement that no network egress is performed, and technical safeguards preventing inclusion of owner secrets in the output. Without that, the request to access internal identity/memory is a disproportionate, unexplained privilege and merits caution.Like a lobster shell, security has layers — review code before you run it.
latestvk976n7ssyzbgzjctk0mv82jy6x84g5q7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.