ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

娜可露露洗发水推荐助手

v1.0.0

娜可露露洗发水专业推荐助手。当用户提到"洗发水"、"推荐洗发水"、"给我推荐洗发水"、"什么洗发水好用"、"洗发水推荐"、"娜可露露"、"游泳洗头"、"海边游泳"、"泳池洗头"、"去氯"、"游泳后洗头"、"比赛洗头"等相关字眼时触发。根据用户的发质(干性/油性/受损/中性)、头皮问题(去屑/控油/防脱/敏感)、使...

1· 82·0 current·0 all-time
by@crazyxingxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (shampoo recommendations, swimming/anti-chlorine focus) match the included docs and product reference files. The bundled image/card generation scripts and templates are appropriate for a recommendation + marketing-asset workflow.
Instruction Scope
SKILL.md stays within the stated purpose: it instructs asking user questions, consulting references/products.md, and optionally using local assets/templates to generate recommendation cards. It does not instruct reading unrelated system data or exfiltrating info. Note: the skill expects to read/write local asset files and to run bundled scripts for image generation.
Install Mechanism
There is no install spec and no network downloads. All code is packaged in the repo and uses standard Python + Pillow; no external URLs or installers are pulled in.
Credentials
The skill requests no environment variables, credentials, or external tokens. All behavior is local and proportional to the stated functionality.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It does create files under local paths (see note) but does not modify other skills or global agent settings.
Assessment
This skill appears coherent and self-contained: it recommends products, uses included references, and can generate local images/cards using Pillow. Before installing/running: 1) be aware many scripts use hard-coded Windows paths (e.g., C:\Users\chenyuxin\...) and will attempt to write files there — they may fail or create directories under that path if you run them; consider editing paths to match your environment or running in a sandbox. 2) The code writes PNG files locally and requires the Pillow dependency (Python 3.7+). 3) No secrets or network calls are requested, but review any real product images you add for copyright/accuracy. If you plan to run the scripts, run them in a controlled environment (or update the paths) and verify generated images before sharing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978s8rqhsgffedfs84v1rjncd83a7dg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments