Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
simp-dog-skill
v1.0.0Distill a simp dog into an AI Skill. Import WeChat history, generate Simping Memory + Persona, with continuous evolution. | 把舔狗蒸馏成 AI Skill,导入微信聊天记录、朋友圈,生成舔狗...
⭐ 0· 31·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the implementation: the SKILL.md and included Python tools parse WeChat/QQ/social exports, analyze photos, build memory/persona, and write a new skill under ./simps/{slug}/. The file-writing, versioning, and listing utilities are coherent with the stated goal. The manifest does not request unrelated cloud credentials or system-wide access.
Instruction Scope
Runtime instructions explicitly tell the agent to read user-supplied chat exports, images, and text, run bundled Python parsers, and write new SKILL.md + memory/persona files. This matches purpose but includes actions with sensitive data (chat logs, photo EXIF/GPS). Also the skill_writer creates/synchronizes generated SKILL.md into a .trae/skills path so generated skills become active immediately — the instructions therefore modify local agent skill state. SKILL.md contains a detected 'unicode-control-chars' injection signal (pre-scan), and several code files show unusual token typos (e.g., 'simpif', 'simpcept') that look like obfuscation or accidental find/replace; that increases risk because it may hide intent or evade scanners.
Install Mechanism
No registry install spec is enforced by the registry entry (instruction-only), but INSTALL.md suggests cloning from GitHub (standard) and pip installing optional dependencies (Pillow). No downloads from obscure hosts or URL shorteners are present. The code bundle is included in the package; installing implies executing local Python scripts, which is expected but you should audit them first.
Credentials
The skill declares no required environment variables, binaries, or external credentials — proportional to its function. It does, however, process potentially sensitive local files (chat exports, photos) and can extract photo metadata including GPS, so the sensitivity of input data is high even if no secrets are requested.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed by default. The notable behavior: skill_writer.combine writes generated SKILL.md and also writes a copy into a .trae/skills directory to make the new skill 'immediately effective' in Trae IDE. That modifies local agent configuration and can cause the agent to gain new capabilities automatically. Combined with autonomous invocation and file-write behavior, this raises a moderate persistence/privilege concern — the skill can create new skills locally without explicit additional approval unless the .trae sync behavior is removed or restricted.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md pre-scan detected unicode control characters. Those can be used in prompt-injection or to alter rendering/parsing and are not needed for the stated purpose (parsing chat logs and building persona). This increases suspicion and warrants manual inspection of SKILL.md for hidden characters.
What to consider before installing
What to consider before installing or running this skill:
- Privacy: This tool processes chat exports and photos and writes them to ./simps/{slug}/. Only provide data you own and are comfortable storing locally; do NOT import other people's private chats without consent. Photo EXIF extraction can reveal GPS/locations — remove or inspect the photo analyzer if you do not want that.
- Code review: The repository contains multiple unusual token/typo patterns (e.g., 'simpif', 'simpcept') and the pre-scan flagged unicode control characters in SKILL.md. These could be accidental or attempts to evade scanners. Manually review the SKILL.md and all tools for hidden characters or unexpected code paths (especially any network calls or subprocess invocations) before running.
- Limit automatic activation: skill_writer.combine writes the generated SKILL.md and also syncs a copy into .trae/skills to make the new skill active immediately. If you do not want automatic activation, remove or disable the sync-to-.trae lines in tools/skill_writer.py before running.
- Run offline and sandboxed: Run the scripts in an isolated environment without network access (or after auditing) to prevent unexpected exfiltration. Prefer running on synthetic/sample data first.
- Reduce attack surface: If you don't need photo metadata or certain parsers, delete or disable tools/photo_analyzer.py and any functionality you won't use (this reduces risk from GPS extraction and buggy libraries).
- Verify dependencies: Only Pillow is optional; if installed, ensure you install it from PyPI in a virtualenv. Check requirements.txt and avoid running as root.
- Consider governance: Because the agent can invoke skills autonomously, if you are worried about the agent creating/updating skills autonomously, disable autonomous invocation for this skill (or keep it user-invocable only) in your agent settings.
If you are not comfortable auditing the code or cannot run it sandboxed, treat this package as potentially risky and avoid installing or running it with real personal data.Like a lobster shell, security has layers — review code before you run it.
latestvk970dczm6hdx9fq8jszcbks6f984v0wd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.