Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GuruTalk 大师云
v1.0.3创建/同步/管理本地数字人格目录;用户通过 `/{slug} {message}` 直接开始与人物对话,后续消息默认继续发送给当前人物,直到 `/gurutalk end`,或通过 `/{another-figure} {message}` 切换人物;扮演人物时,每条回复都必须以 `"{Display Name}...
⭐ 0· 116·0 current·0 all-time
byCaster Kay@casterkay
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (manage local persona directory, sync from Bibliotalk, generate per-figure skills) match the included scripts: bibliotalk_client.py, skill_writer.py, version_manager.py implement those behaviors. However the registry metadata claims no required environment variables while SKILL.md and the code require a BIBLIOTALK_API_KEY (and optionally BIBLIOTALK_API_URL). That metadata mismatch is an incoherence: installing this skill legitimately requires the Bibliotalk API key, but the published metadata does not declare it.
Instruction Scope
The SKILL.md instructions are narrowly scoped to management tasks: checking/initializing a .env for BIBLIOTALK_API_KEY, calling local scripts to list/clone/sync/remove persona skills, and instructing the user to configure their API key via an interactive CLI (not via chat). The agent is instructed to avoid pasting secrets into chat and to run the provided CLI tools. The instructions do cause the agent to read/write files under ~/.claude, ~/.openclaw, ~/.codex (expected for the purpose) and to call the external Bibliotalk API (expected).
Install Mechanism
There is no download/install-from-URL step in the manifest; this is an instruction-and-script bundle. The included Python scripts are plain source (no obfuscation), require python-dotenv, and perform local filesystem operations. No remote code download or archive extraction is performed by the skill itself; therefore install risk is low. Note: the README suggests cloning from a GitHub repo, which is normal but not enforced by the manifest.
Credentials
SKILL.md and the code require a BIBLIOTALK_API_KEY (and will accept BIBLIOTALK_API_URL). That is proportionate to contacting Bibliotalk, but the manifest registry wrongly lists no required env vars (mismatch). Operationally, the scripts copy a single .env into each generated persona skill directory (skill_writer._copy_runtime_assets copies the gurutalk .env to every created skill), meaning your API key will be duplicated across many files under ~/.claude/skills/{slug}/, ~/.openclaw/workspace/skills/{slug}/, ~/.codex/skills/{slug}/. Duplicating the key to multiple locations increases exposure risk. The code also reads environment variables from both the .env file and the process environment; it will use whatever key is present.
Persistence & Privilege
The skill is not 'always:true' (good) but it does write and modify files outside its own folder: it creates/overwrites per-figure skill directories and files (meta.json, SKILL.md, profile.md, .env, scripts/bibliotalk_client.py) under user agent skill directories in the home folder. This file-writing behavior is necessary for its purpose but is a notable privilege: if misused or invoked without care it can create or overwrite files across multiple agent runtimes. The code requires explicit actions (e.g., guru-create/guru-sync/guru-remove) but an autonomously-invoking agent could run those if given permission.
What to consider before installing
Key points to consider before installing:
- Metadata mismatch: The skill requires a BIBLIOTALK_API_KEY at runtime (SKILL.md and scripts), but the published registry metadata does not declare that. Treat the skill as requiring that API key.
- Secret duplication: The script copies the gurutalk .env into every generated persona skill directory (~/.claude/skills/{slug}/ etc.). Installing or using this skill will place your Bibliotalk API key in multiple files under your home directory, increasing exposure surface—use a dedicated/limited-scope key if possible.
- Filesystem writes: The skill will create and modify files under ~/.claude, ~/.openclaw/workspace/skills, and ~/.codex/skills. That is expected for its purpose, but you should back up those directories and inspect what gets written before trusting it. If a slug collides with an existing skill, the tool can overwrite files (there is a --force option in the script).
- Network calls: The scripts contact bibliotalk.space endpoints and will send the email you provide to request a magic link. Verify you trust Bibliotalk and that their API behavior is acceptable for your data.
- Operational safety: Follow the SKILL.md instruction to perform API key configuration locally (python scripts/bibliotalk_client.py configure) rather than pasting secrets in chat. Review the included Python source yourself (it's not obfuscated) and, if possible, run it in a controlled environment first.
- Check provenance: The skill source lists a GitHub repo in README; if you plan to install, fetch directly from that repository and review commit history and repository ownership. Ask the publisher to correct the registry metadata to list BIBLIOTALK_API_KEY.
If you want higher assurance, try these steps before full use: inspect the .env that will be created, create a Bibliotalk API key with minimal privileges, run the scripts manually from a terminal to observe their behavior, and back up your existing skills folders so the tool cannot accidentally overwrite important files.Like a lobster shell, security has layers — review code before you run it.
latestvk9798sr3k82h9g6m59dnmwcdj184yea4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Environment variables
BIBLIOTALK_API_KEYrequired— API key for communicating with the Bibliotalk server