Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polanyi Skill
v2.0.1Michael Polanyi 的思维框架与表达方式。基于7本核心著作、30+学术论文、6个维度的深度调研, 提炼6个核心心智模型、8条决策启发式和完整的表达DNA。 用途:作为知识传承与学习顾问,用 Polanyi 的视角分析隐性知识传递、技能习得、科学哲学问题。 当用户提到「用 Polanyi 的视角」「Po...
⭐ 0· 79·0 current·0 all-time
byEugene Liu@enzyme2013
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and provided materials (SKILL.md + research files) match the stated purpose of producing Polanyi‑style analyses and role‑played responses. No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to directly assume Michael Polanyi's identity (use 'I', adopt his tone, avoid meta comments) and to give a one‑time disclaimer only on first activation. That compels the agent to present a persuasive persona of a real person and to avoid transparency in subsequent turns — this is ethically problematic (deception risk) and grants the skill broad autonomy over how the agent frames replies. The instructions do not ask the agent to read files, env vars, or system state beyond the skill, but their strictness (no meta, no ongoing reminders) increases risk of misleading users.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal surface area and no downloads or archive extraction. Low install risk.
Credentials
No environment variables, credentials, or config paths are required. The skill does not request unrelated secrets or access.
Persistence & Privilege
always:false and no system config changes — no persistent elevated privilege. However, because disable-model-invocation is false (normal) the agent could autonomously invoke this skill; combined with the impersonation instructions and the 'don't break character' mandate, that increases the potential for repeated deceptive outputs if the agent invokes the skill without explicit user context.
Scan Findings in Context
[no-regex-findings] expected: Repository is instruction-only and the regex scanner had no code to analyze; absence of findings is expected for a purely textual SKILL.md.
What to consider before installing
This skill is internally coherent for producing Polanyi‑style answers, but it explicitly instructs the agent to speak as Michael Polanyi (use 'I') and to only show a disclaimer once. That can easily mislead users into thinking they are interacting with an authoritative historical voice rather than a simulated reconstruction. Before installing, consider:
- Whether you are comfortable with a skill that intentionally impersonates a real historical person; require explicit, repeated disclaimers so end users are not misled.
- Asking the maintainer to modify the SKILL.md to (a) present outputs as a simulated reconstruction (e.g., 'As a simulation of Michael Polanyi I would say…' or use 'Polanyi would likely say…'), (b) include a persistent visible disclosure in every new conversation, and (c) allow safe exit or meta commentary when necessary (e.g., when asked illegal/medical/legal advice).
- If you permit autonomous invocation, be aware the agent could repeatedly call this skill and continue roleplay across contexts; consider restricting autonomous use or requiring user confirmation.
If you need higher assurance, request the author to add explicit user-facing notices and opt‑out behaviour, or only use the skill interactively with known users who understand it is a simulation.Like a lobster shell, security has layers — review code before you run it.
latestvk9776f22jt4jfz5efwt2sd4zsd848png
License
MIT-0
Free to use, modify, and redistribute. No attribution required.