Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Zhua Metacognition
v1.0.0爪爪元认知系统 —— 思考自己的思考、监控认知过程、优化决策质量。Use when 爪爪需要反思自己的思维过程、优化认知策略、或提升决策质量。
⭐ 0· 145·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to implement a metacognition system with monitoring, strategy selection, explanation, and optimization. However, the repository contains only placeholder docs and assets plus one example script; the concrete scripts named in SKILL.md (monitor_cognition.py, select_strategy.py, explain_reasoning.py, optimize_cognition.py) are not present. This mismatch suggests the package is incomplete or poorly packaged relative to its stated purpose.
Instruction Scope
SKILL.md directs the agent to run specific python scripts via bash commands, but those scripts are absent. The instructions do not request environment variables or external endpoints, nor do they reference sensitive system paths, but the explicit invocation commands point to non-existent files (and reference additional documentation files that are also absent). Missing runtime artifacts means the instructions cannot be followed as written and could be hiding later additions or replacement scripts.
Install Mechanism
There is no install specification (instruction-only) and no downloads or install scripts. That minimizes installation risk; nothing will be written to disk by an installer provided here. The one included code file is a harmless placeholder.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. There is no evidence of requests for unrelated secrets or elevated access.
Persistence & Privilege
always is false and there are no indicators the skill requests permanent or elevated presence. The package does not attempt to modify other skills or system configuration.
What to consider before installing
This package appears incomplete rather than clearly malicious, but you should not enable or rely on it until the author provides the missing runtime scripts and the promised reference documents. Ask for: (1) the actual scripts named in SKILL.md (monitor_cognition.py, select_strategy.py, explain_reasoning.py, optimize_cognition.py) and any other runtime files; (2) an explanation of what each script does and whether they make network calls or read local files; (3) updated documentation that matches the file manifest. If you must test it before full review, run it in an isolated sandbox and verify there are no network endpoints, unexpected subprocess calls, or attempts to read environment variables or sensitive files. Because the current package is inconsistent, treat it as untrusted until reconciled.Like a lobster shell, security has layers — review code before you run it.
cognitionvk9716fpq9f70xy54fm3t48zbz98330gtlatestvk9716fpq9f70xy54fm3t48zbz98330gtmetacognitionvk9716fpq9f70xy54fm3t48zbz98330gtthinkingvk9716fpq9f70xy54fm3t48zbz98330gt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.