ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mental Models Cn V2.1.0 Backup

v2.6.2

💡 3秒匹配最佳思维模型 | 108个模型覆盖商业分析、投资决策、心理学、系统思考 | 告别拍脑袋决策

1· 87·0 current·0 all-time
by@gmilton09
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (a Chinese mental-models library) match the included markdown docs and templates. The package is instruction-only and asks users to read docs and use templates — coherent with purpose. However SKILL.md and INSTALL.md reference a scripts/recommend.py recommendation engine and GitHub clone workflow that do not appear in the provided file manifest, which is an inconsistency (the skill claims a runnable helper but the packaged files don't include it).
!
Instruction Scope
SKILL.md/INSTALL.md instruct the agent/user to run commands (cat files, cd into skills, run `python scripts/recommend.py`) and to clone https://github.com/openclaw/openclaw.git. Those actions are plausible for a docs-first skill, but two issues raise concern: (1) presence of detected unicode-control-chars inside SKILL.md — a known prompt-injection pattern that can try to manipulate model behavior; (2) the recommend.py script is referenced for runtime behavior but is not included in the provided manifest, so following instructions would require fetching external code (git clone) which increases risk.
Install Mechanism
There is no declared install spec in the package (lowest intrinsic risk). However INSTALL.md explicitly instructs cloning the GitHub repo and copying files into ~/.openclaw — i.e., the documented installation relies on external network fetch from GitHub rather than a packaged installer. Fetching and executing code from the remote repo (if done) is higher risk and should be inspected before running.
Credentials
The skill requests no environment variables, no binaries, and no credentials — appropriate and proportionate for a documentation/templating skill. There are no declared secrets or config-path requirements.
Persistence & Privilege
Flags show always:false and user-invocable:true. The skill does not request permanent presence or elevated platform privileges; autonomous invocation is allowed by default but is not combined with other high-risk indicators here.
Scan Findings in Context
[unicode-control-chars] unexpected: Scanner found Unicode control characters in SKILL.md. Such characters are commonly used in prompt-injection attacks to manipulate model parsing/execution. This is not expected for a plain documentation skill and should be inspected and removed or explained by the maintainer.
What to consider before installing
What to consider before installing: - The package is primarily documentation and does not request secrets, which is good. - Red flag 1: SKILL.md contains hidden unicode control characters (prompt‑injection signal). Open the file in a hex/visible-control-character viewer and remove/verify any control characters before use. Do not trust the file if you cannot explain them. - Red flag 2: The docs refer to scripts (e.g., scripts/recommend.py) and to git clone steps that are not present in the provided manifest. Do not run any python scripts or clone/execute code from the upstream repo without first reviewing that code. - If you want to use the recommendation script: get the exact script file, inspect it for network calls, eval/exec usage, shell execution, or credentials exfiltration, and run it only in an isolated sandbox. - Prefer to use the skill as read-only (open the markdown files) rather than executing scripts until you verify the external code. - Check the GitHub homepage/maintainer: verify repo commits, contributors, and recent changes. Ask the maintainer to provide the missing scripts within the skill package or to explain why external cloning is required. - If you are not comfortable auditing code or if hidden characters remain unexplained, avoid installing/running the automated parts and use only the static markdown content.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ef46zw55nasq660hr0km1y98368k6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments