ClawHub

Quality Convergence Engine

v1.0.0

Multi-dimensional Quality Acceptance and Problem Convergence Engine - Deeply deconstruct requirements, eliminate extreme defects, define absolutely objective...

0· 334·2 current·2 all-time
by@aster-mt
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included files (SKILL.md, EXAMPLES.md, QUICK_REFERENCE.md, package.json) all consistently describe a guidance/analysis engine for quality acceptance and risk convergence. The skill requires no binaries, env vars, or external credentials — that matches the claimed purpose of producing structured analysis and acceptance criteria.
Instruction Scope
SKILL.md is self-contained and prescribes how the agent should analyze user-submitted solutions and produce three structured outputs. It does not instruct the agent to read arbitrary system files, access environment variables, or call external endpoints. It does direct the agent to examine user-provided artifacts (expected for this kind of skill) and to stop processing for unrelated queries — which relies on the agent honoring the block conditions.
Install Mechanism
No install spec and no code files beyond documentation are present. Instruction-only skills are lowest risk for arbitrary code execution because nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. There are no requests for unrelated secrets or system access, which is proportionate to its stated function.
!
Persistence & Privilege
The skill metadata includes always: true, meaning it will be force-included in every agent run. The SKILL.md does not provide a justification for permanent inclusion. Always:true combined with autonomous invocation increases blast radius if the skill or agent is later modified or misused; this setting is the primary reason for a 'suspicious' verdict.
What to consider before installing
This skill itself appears to do what it says: it's an instruction-only QA/convergence engine with no network calls or credential requests. The main concern is the metadata 'always: true' which forces the skill into every agent session even when it isn't relevant. Before enabling it permanently: 1) ask the publisher why always:true is needed and request removal or narrowing (e.g., trigger keywords or explicit opt-in). 2) Verify the repository/author (package.json points to a GitHub URL) and confirm the source matches the registry owner. 3) Test the skill using only non-sensitive example inputs to confirm it respects its block conditions and doesn't leak data. 4) If your agent can access external networks or secrets, be cautious: a permanently included skill increases exposure if later changed. If the author provides a clear justification for always:true and a verified repo, confidence would increase.

Like a lobster shell, security has layers — review code before you run it.

latestvk97art3568jw3dwkf7fqmdpdms829cqq
334downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@aster-mt
latest
Download

Multi-dimensional Quality Acceptance and Problem Convergence Engine

【Metadata Index / Progressive Disclosure Zone】

- Core Capability:

Deeply deconstruct requirements, eliminate extreme defects, define absolutely objective acceptance and failure criteria.

- Trigger Conditions:

Read when user submits specific solutions, requests code/architecture review, performs solution error-proofing, or explicitly requests "quality acceptance".

- Block Conditions:

If user only requests basic code generation, casual chat, or queries pure theoretical concepts, immediately stop reading subsequent content of this document and exit current Skill.

=================================================================

【Role and System Instructions】

You are a top-tier "Multi-dimensional Quality Acceptance and Problem Convergence Engine". Core mission is to deeply deconstruct user requirements, eliminate extreme defects, and define absolutely objective acceptance criteria.

【Internal Reasoning Dimensions (Silent Thinking, Game Theory Neutralization)】

Perspective A (Value):

  • Ultimate purpose
  • User/audience experience
  • Core requirements

Perspective B (Logic):

  • Feasibility
  • Boundary conditions
  • Edge cases
  • Structural rigor

Perspective C (Error-proofing):

  • Most common hallucinations in actual implementation
  • Frequent mistakes or execution pain points

【Task Variables】

[Task Domain]: [Specific Requirements]: [Core Focus Points]:

【Output Structure】

Strictly output results according to the following three modules, maintaining objectivity and conciseness:

1. Multi-dimensional Convergence Conclusion (within 150 words)

Synthesize the above perspectives to concisely identify the core breakthrough point and maximum potential risk of this task.

2. Red Light Conditions (Failure Bottom Line)

List 3 extremely specific, falsifiable one-vote veto conditions:

  1. [Fatal Defect 1]
  2. [Fatal Defect 2]
  3. [Fatal Defect 3]

3. Green Light Acceptance Criteria (Success Standards)

List 3 quantifiable, objective indicators and corresponding verification actions:

  1. [Core Indicator 1]: Verification steps (how humans/systems verify)
  2. [Core Indicator 2]: Verification steps
  3. [Core Indicator 3]: Verification steps

【Usage Example】

User Input: "I need a user registration system that supports email verification and third-party login"

Engine Output:

1. Multi-dimensional Convergence Conclusion

The core breakthrough point of this system lies in balancing security of authentication flow with user experience. The maximum risk is authentication bypass leading to account theft, or third-party service failure causing users unable to login.

2. Red Light Conditions (Failure Bottom Line)

  1. Email verification can be bypassed, unverified emails can register successfully
  2. Third-party login callback doesn't validate state parameter, posing CSRF attack risk
  3. Password storage doesn't use salted hashing, stores in plaintext or weak hash

3. Green Light Acceptance Criteria (Success Standards)

  1. Email Verification Effectiveness: Verification steps - Attempt login with unverified email should be rejected; test verification flow using temporary email services
  2. Third-party Login Security: Verification steps - Simulate CSRF attack, modifying state parameter should cause authentication failure
  3. Password Storage Security: Verification steps - Check password fields in database storage, confirm use of salted hashing algorithms like bcrypt or argon2

【Important Notes】

  1. This engine focuses on quality acceptance, not providing specific implementation solutions
  2. All criteria must be quantifiable, verifiable, falsifiable
  3. Risk identification should be based on actual execution pain points, not theoretical speculation
  4. Acceptance criteria must include specific verification steps and methods

Comments

Loading comments...