Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Brainstorm
v1.0.1引导梳理模糊想法,分三步完成需求澄清、方案对比和设计细化,适用于新功能规划和技术选型。
⭐ 0· 96·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (brainstorming, design guidance) aligns with included templates and a small helper script to initialize design docs. However, SKILL.md metadata declares python3 as a required binary while the registry-level requirements list none — this mismatch is an internal inconsistency that should be clarified.
Instruction Scope
Runtime instructions stay within the stated purpose: guiding conversation, producing design docs, and suggesting writing files under docs/plans and committing to git. The skill suggests the agent should 'look at related code and docs' (reasonable for context) and the included script creates files; there are no instructions to read unrelated secrets or transmit data externally.
Install Mechanism
No install spec is provided (instruction-only), which is low-risk. The only code file is a small Python script included in the bundle (no downloads or external installers).
Credentials
The skill does not request environment variables, credentials, or external tokens. It does recommend committing to git, which may rely on the user's existing git credentials but the skill does not demand any secrets itself.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges. The included script writes files into docs/plans (its own scope) but does not modify other skills or system-wide agent settings.
What to consider before installing
This skill is mostly harmless and matches its description, but check two things before installing: 1) Metadata mismatch — SKILL.md lists python3 as required while registry requirements show none; ensure python3 is available if you plan to use the included script. 2) The bundle includes scripts/init_design_doc.py which will create files under docs/plans when run — review that script (it's short and benign) and confirm you want the skill or agent to write/commit files to your repository. If you don't want automatic file creation, avoid running the script and use the templates manually. Finally, because the skill's source/homepage are unknown, prefer installing only if you trust the publisher or after reviewing the files (you already have them) for any unexpected changes.Like a lobster shell, security has layers — review code before you run it.
latestvk97fhfqgj23r5d2ct0x0wa6sg583pk56
License
MIT-0
Free to use, modify, and redistribute. No attribution required.