Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Buick
v1.0.1别克是美国通用旗下历史悠久的汽车品牌,主打中高端家用车,畅销君威、昂科威、GL8等车型。
⭐ 0· 53·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name and description state this is a Buick (automobile brand) info skill. It requests no binaries, env vars, or installs, which is proportionate for a read-only info skill.
Instruction Scope
SKILL.md content is generally a brand overview, but headings and 'read_when' triggers refer to '城市概况' (city overview) and travel/life guides. Treating a car brand as a city is a content/coherence issue — not an immediate security risk, but it may cause incorrect or misleading responses.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths; this is proportionate for its stated purpose.
Persistence & Privilege
always:false and default autonomous invocation allowed (disable-model-invocation:false). This is the platform default and acceptable; the skill does not request elevated persistence or modify other skills.
What to consider before installing
This skill is low risk from a system/credential perspective (no installs, no secrets). However, its instructions contain a content mismatch: it treats 'Buick' like a city and offers travel/city-guide behavior, which doesn't align with a car-brand overview and could produce misleading answers. Before installing or enabling autonomous use, test the skill by asking simple queries (e.g., 'What is Buick?' and 'Is Buick a city?') to confirm its responses are accurate. If you plan to rely on it for factual information, request the maintainer correct the SKILL.md to remove city/travel framing or otherwise clarify expected behavior. If you want to prevent any autonomous calls, consider disabling model invocation for the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk9771fh4ewthyydwyt5yy3w04n84xz0d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.