Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Drema — AI Dream Interpreter
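v1.4.3 Dream interpretation skill (Zhou Gong dream interpretation + psychology, dual-track reading). When the user says "interpret a dream", "Zhou Gong dream interpretation", "help me interpret a dream", "I had a dream", "last night I dreamed of", "I dreamed of", "dreamed about", "dreaming", "dreamscape", "dream record", "dream calendar", "dream report", "dream patterns", "today's fortune", "fortune for today", "draw a lot", "dream lot", "give me a lot", "dream image", "generate a dream image", "make an image", "broadcast", "I had a dream last night", "had a dream last night...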
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and runtime instructions all focus on dream interpretation, memory (dreams.json), optional image/TTS features and daily fortune; the required behaviors (saving records, generating reports, TTS) are coherent with the stated purpose.
Instruction Scope
Contains many strict runtime rules (fixed output template, mandatory single-message send with four buttons, prohibition on normal-text replies, and a requirement that internal calculations be silent). It also instructs creating and writing records at ~/.openclaw/workspace/memory/dreams/dreams.json. Those are within the skill's domain but impose rigid agent behavior and persistent local storage; the silent-calculation rule is unusual but not inherently malicious.
Install Mechanism
Instruction-only skill, no install spec, no downloads, no code files to execute. Lowest-risk install profile.
Credentials
No required environment variables are declared. The SKILL.md suggests optional TTS provider API keys (DASHSCOPE_API_KEY, OPENAI_API_KEY, ELEVENLABS_API_KEY) for voice features — these are reasonable for optional TTS but are not required by the skill. No unrelated credentials are requested.
Persistence & Privilege
The skill will create and write a dreams.json index under the user's home (~/.openclaw/workspace/memory/dreams/). Persisting user-provided dream text locally is expected for a journaling feature, but users should be aware of local storage and review file permissions and retention policy.
Assessment
This skill appears to do what it says: interpret dreams, keep a local dream log, and optionally generate TTS and images. Points to consider before installing: (1) It will create and write files to ~/.openclaw/workspace/memory/dreams/dreams.json — if you care about privacy, inspect and control that directory and backups. (2) Voice output requires optional third-party API keys (Aliyun/Dashscope, OpenAI, ElevenLabs) — only add those keys if you trust the provider and understand their usage. (3) The skill enforces a strict message + buttons workflow (reports must be sent via the agent's message tool in a single call); this is a behavioral constraint, not an access red flag, but may affect UX. (4) The SKILL.md requires silent internal calculations (lunar/Five Elements/daily pillars) — the results are shown but the computation details are hidden; if you want transparency about those calculations, ask the author or inspect code. If you want stronger assurance, request the skill source code (the metadata references a GitHub repo) or ask for an explicit privacy/retention policy before enabling persistent storage.
Like a lobster shell, security has layers — review code before you run it.
