ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Imbue Latent Space Engineering

v1.0.0

Shape agent behavior through instruction framing, emotional priming, and style transfer rather than information density alone

0· 49·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is an instruction-only prompt-engineering module and the included module files (modules/*.md) match the stated purpose. However the declared required config paths in the registry and SKILL.md metadata are night-market.modules/emotional-framing.md, etc., while the actual files are under modules/*.md. That path mismatch is an inconsistency that could break loading or cause the agent to attempt to fetch absent resources. Other declared metadata (version in SKILL.md vs registry) also differs slightly.
Instruction Scope
Instructions are limited to prompting patterns (emotional framing, style exemplar injection, competitive review) and do not instruct access to system files, environment variables, or external endpoints. Two functional risks remain: (1) style-gene-transfer encourages injecting exemplar snippets — if the agent/user sources those from private code or configuration, secrets or copyrighted material could be copied into outputs; (2) competitive framing can create incentive pressure that leads reviewers/agents to inflate findings unless the provided anti-pattern mitigations (evidence citation, weighting) are followed. The instructions themselves do not perform exfiltration, but they enable workflows that could.
Install Mechanism
No install spec and no code files to execute — instruction-only skill. This minimizes installation risk (nothing is written or executed on disk by the skill).
Credentials
The skill requests no environment variables or credentials. This is proportionate to an instruction-only prompt-engineering skill.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request permanent presence or altered agent configuration beyond using its own modules.
Scan Findings in Context
[no-findings] expected: The static regex scanner had no code files to analyze (instruction-only skill). Absence of findings is expected but not proof of safety; review the SKILL.md content and included markdown modules for problematic guidance or hidden instructions.
What to consider before installing
This skill appears to be a pure prompt-engineering guide and is largely coherent with its stated purpose, but do the following before installing: (1) Fix or confirm the config path mismatch — the registry/SKILL.md expect night-market.modules/*.md while the bundle contains modules/*.md; if the agent loader looks for the wrong path the modules may not be loaded. (2) When using style-gene-transfer, avoid pasting real secrets, private keys, or copyrighted source as exemplars — that can accidentally propagate sensitive data. (3) If you dispatch competitive multi-agent reviews, enforce the suggested safeguards (require evidence citations, weight findings by severity) to avoid gaming or inflated reports. (4) If you need higher assurance, ask the author to correct the metadata paths and provide a short README explaining how modules are loaded by the target agent runtime. Given the path inconsistency and these workflow risks, proceed only after addressing or accepting these caveats.

Like a lobster shell, security has layers — review code before you run it.

latestvk9749zph20ewy95ee3s2877y8584phah

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Confignight-market.modules/emotional-framing.md, night-market.modules/style-gene-transfer.md, night-market.modules/competitive-review.md

Comments