Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
HAI Agent Framework
v1.0.0企业级 AI Agent 框架,支持 Hook 事件系统、自动记忆抽取和预置四种专业 Agent,实现智能任务管理与对话优化。
⭐ 0· 67·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description claims an 'enterprise AI Agent framework' with hooks, scripts, and persistent memory, but the skill bundle contains only an instruction file (no code, no install spec, no declared config paths). The README instructs users/agents to run .hai/scripts/*.py and store data in memory/, yet the skill requests no files or privileges — inconsistent with the stated purpose.
Instruction Scope
Runtime instructions tell the agent or user to execute local Python scripts (hook-executor.py, load-memory.py, conversation-analyzer.py), create hook config JSON, and automatically analyze and save conversation data to memory/. Those steps involve file I/O and executing arbitrary code on the host and imply persistent collection of user conversations, but the skill does not limit or document what data is collected, where it's stored, or whether scripts are provided or safe.
Install Mechanism
SKILL.md shows a 'clawhub install hai-agent-framework' command, but the skill has no install specification and no code files. This mismatch means either the install flow is missing from the registry entry or the documentation is inaccurate — both are risky because a user may attempt to run non-existent installers or fetch code from undocumented sources.
Credentials
No environment variables, credentials, or config paths are declared, yet the instructions reference .hai/ directories and persistent memory storage. The skill implicitly needs filesystem access to create/read .hai/scripts and memory/, but those required paths are not declared. That omission hides the real scope of data the skill will access and store.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal), but its design centers on persistent memory (L1–L4) and executing hook scripts that can run on each session. That implies persistent local state and the ability to execute code across sessions — a privacy and safety consideration even though no special platform privileges are requested in the metadata.
What to consider before installing
This package is an instruction-only README that tells users/agents to run local Python scripts and store conversation memories, but it provides no code, no installer, and doesn't declare the filesystem paths it will use. Before installing or following its instructions: (1) obtain and review the actual code repository/installer referenced by the README (do not run 'clawhub install' or execute .hai scripts from an untrusted source); (2) verify what the scripts do (especially any network calls, telemetry, or data-export) and where memory is stored and how it's protected; (3) ask the publisher to add an explicit install spec, include the script files or a canonical download URL (signed GitHub release or similar), and declare required config paths and any environment variables; (4) if you must test, run in a sandboxed environment and audit the .hai/scripts content first. If the author cannot provide the missing code/install details, treat this skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97fgpgtwmhwgg2esf7zfdzajn8442zp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.