Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
luban-skill
v1.0.0操作Luban游戏配置表,支持枚举、Bean、数据表的增删改查。【强制使用场景】当用户提到以下任意关键词时必须使用此技能:配置表、数据表、道具表、技能表、奖励表、活动表、Excel表、xlsx、枚举、Bean、字段、数据行、表结构、导表、Luban、游戏配置、修改配置、改表、新增道具、添加技能、策划配置、游戏数据...
⭐ 0· 84·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, CLI usage, and included Python code all focus on reading and editing Luban-style Excel/JSON configuration tables. Required tooling (Python 3.8+ and openpyxl) and the provided script are proportional to this purpose; there are no unrelated required binaries, credentials, or external services.
Instruction Scope
SKILL.md and the code instruct the agent to read and modify files under a project DataTables/Datas (or whatever --data-dir is provided). The documentation enforces an explicit confirmation step for all write/delete operations (good). Read-only operations (list/get/query) are allowed to run without confirmation — expected for this use case but note that read operations will access local project files and can expose their contents to the agent.
Install Mechanism
No install spec or remote downloads are present; this is an instruction+script skill that expects the user to have/copy the skill directory and install openpyxl via pip. scripts/requirements.txt only lists openpyxl. No downloads from arbitrary URLs or extract operations were found.
Credentials
The skill requests no environment variables, credentials, or config paths. The code operates on explicit project directories passed via --data-dir and creates a local .luban_cache; there are no network endpoints, tokens, or secret-exfiltration signals in the provided files.
Persistence & Privilege
always:false (no forced global inclusion). The skill may be invoked autonomously by the agent (platform default) which is normal — however autonomous invocation will only perform read operations without further confirmation; write/delete operations are supposed to require explicit user confirmation according to SKILL.md. The script writes cache files (.luban_cache) and modifies files under the provided data-dir when performing edits (expected behavior).
Assessment
This skill is coherent for editing Luban game configuration files, but take these precautions before installing or enabling it: 1) Ensure you run it with the correct --data-dir so it only touches the intended project files; 2) Back up your Excel/JSON configuration files before permitting write/delete operations; 3) The skill will create a local .luban_cache directory in the working folder — review its contents if needed; 4) Read the included scripts/luban_helper.py (especially any CLI entrypoints) to confirm there are no unexpected network calls in future versions; 5) If you want to avoid any automated reads, disable autonomous invocation or require manual invocation so the agent cannot run read-only queries without your explicit action; 6) If unsure, run the script in a sandbox or copy of the project to validate behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97f19n57ybrket77hzcxh2y6n83htx2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.