Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
智能记忆触发系统
v1.0.1Intelligent system that automatically determines when to create workflow documentation based on task complexity, repetition patterns, and user intent. Transf...
⭐ 0· 110·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (detect when to create workflows) matches the instruction content (complexity scoring, repetition detection, document generation). However the docs also describe integrations with external documentation, VCS, monitoring systems and cross-agent sharing while the skill declares no credentials or config requirements — plausible as optional features, but the mismatch should be clarified.
Instruction Scope
Runtime instructions explicitly reference reading task history, generating and storing files, and specific storage locations (e.g., C:\Users\sjh65\.openclaw\workspace\workflows\ and 'root directory'). They also include logic to 'applyAutomatedUpdates' to workflows and identify 'relatedFiles' — these imply reading and writing local files and possibly modifying configuration-related documents. The skill does not limit or ask for confirmation before file writes and uses a hard-coded user path and ambiguous 'root' location.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute; lowest install risk.
Credentials
The skill requests no environment variables or credentials, yet the text describes integrations with platforms (Feishu, WeChat), version control, and monitoring systems that normally require credentials. The absence of declared creds is a mismatch — either integrations are purely advisory or the skill will prompt for/require credentials at runtime (not declared).
Persistence & Privilege
always:false and no explicit autonomous privilege escalation. However the instructions expect persistent storage of generated workflows in user directories and auto-update behavior (applyAutomatedUpdates) which gives the skill the ability to modify files over time; the skill does not declare limits or require user confirmation for writes.
What to consider before installing
This is an instruction-only skill that appears to genuinely aim to create workflow documents, but it contains a few mismatches you should consider before installing:
- File writes: The docs specify exact storage paths (C:\Users\sjh65\.openclaw\workspace\workflows\) and even suggest saving to the filesystem 'root'. Confirm where the agent will actually write files and require it to ask for permission before creating or modifying files, especially outside a dedicated workspace.
- Integrations & credentials: The skill mentions connecting to Feishu/WeChat, VCS and monitoring systems but declares no credentials. Ask how integrations are authorized and ensure the skill will not solicit or store secrets without explicit, documented intent.
- Automated updates: Pseudocode describing 'applyAutomatedUpdates' implies the agent may edit existing workflow files. If you allow this skill, limit its write scope (a dedicated workflows folder) and require manual review for automated edits.
Recommendations: test the skill in a sandbox account or restricted environment first; require the agent to prompt before any filesystem or config changes; confirm exact storage paths and remove any hard-coded home/root paths; and clarify how external integrations will be authorized and where credentials (if any) will be stored or used.Like a lobster shell, security has layers — review code before you run it.
automationvk971kwq9z9kq48xmq0gvz1z0zd8340n3chinesevk971kwq9z9kq48xmq0gvz1z0zd8340n3latestvk975nwdc8zh8xdhdhqnf5wqhcd837arvmemoryvk971kwq9z9kq48xmq0gvz1z0zd8340n3workflowvk971kwq9z9kq48xmq0gvz1z0zd8340n3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.