Dual Thinking
v8.4.1Second-opinion consultation plus automatic skill-engineering escalation for reviews, rewrites, hardening, weak-model optimization, packaging, testing, and pu...
⭐ 0· 351·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (second-opinion + automatic skill engineering) matches the contents: the SKILL.md describes review, patching, validation, packaging, and multi-orchestrator consultation. Declared surface (no env vars, no installs) is plausible for a purely instruction-driven reviewer that expects repository access and to call external consultants.
Instruction Scope
SKILL.md explicitly instructs the agent to paste the real artifact inline before consultant calls, to run validators/tests (python3/bash/node examples in the PACKAGING_CHECKLIST), and to apply patches to real files. These actions are consistent with the stated purpose but carry privacy/exfiltration risk because full artifact text may be sent to external consultants; also some checklist commands reference absolute environment-specific paths that may attempt to read local files.
Install Mechanism
There is no install spec and no external downloads — the skill is instruction-only and ships only docs/tests. Low install risk.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, runtime examples reference running local validators and an absolute node require path (/home/irtual/...) and workspace paths; these are environment-specific assumptions and could cause the agent to attempt filesystem access when running the recommended checks. That behavior is plausible for a packager/validator but the path hardcoding is suspiciously environment-tied and should be reviewed before executing commands.
Persistence & Privilege
always: false and default autonomous invocation are normal. The skill instructs agents to patch files, run tests, and update state, which is expected for a skill-engineering helper. No special platform privileges are requested.
Assessment
This skill appears to be what it says: a structured review-and-patch method for skills. Before you run it, consider: 1) Privacy: the method requires pasting full artifact text into consultant prompts — if your agent forwards those prompts to external LLM services, secrets (API keys, private configs, proprietary code) could be exposed. Avoid pasting secrets or run in a private/sandboxed environment. 2) Filesystem actions: the skill expects to run validators and apply patches (python, bash, node commands). Inspect the referenced test scripts and any referenced paths (the PACKAGING_CHECKLIST includes hardcoded absolute paths) before executing; run them in an isolated CI or container if possible. 3) External consultants: confirm which external models/endpoints your agent will call and their data retention/privacy policies. 4) If you only want passive advice, use a local/or analysis-only mode (SKILL.md documents a 'local' mode) rather than the full patch/apply flow. If you want, run the tests and packaging checklist in a disposable workspace first to observe behavior. Overall this skill is coherent for its purpose but needs operational caution around data leakage and running filesystem-modifying commands.Like a lobster shell, security has layers — review code before you run it.
latestvk97btw8sgdcg7vrcsgwmtcgq2184mknj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.