Creative Inspiration Hub
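v1.0.0
Creative Inspiration Hub / 创意灵感孵化器. Helps creative workers break through bottlenecks via cross-domain combination, inspiration triggers, idea evaluation, and mind-map generation.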
by haidong @harrylabsj
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and handler.py are consistent: the skill is an ideation/mindmap mock engine that returns synthetic data. There are minor packaging inconsistencies (registry metadata/version says 1.0.0 while SKILL.md and project files use 0.1.0; package.json is a Node manifest but the implementation is Python and package.json.main points to index.js which does not exist). These are packaging sloppiness rather than indicators of malicious intent.
Instruction Scope
SKILL.md only instructs generating ideas, cross-domain combos, triggers, evaluations, and mindmaps. The runtime code implements these and returns mock data. The instructions do not ask the agent to read arbitrary user files, environment variables, system paths, or to send data to external endpoints.
Install Mechanism
No install spec is provided (instruction-only style with included Python files). No downloads or archive extraction. The only runtime dependency is Python standard library modules. This is low-risk.
Credentials
The skill declares no required environment variables, no primary credentials, and the code does not access os.environ or request secrets. This is proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated persistence or modify system or other-skill configurations. It can be invoked by the agent normally and has no autonomous privileges beyond the platform default.
Assessment
This skill is a local, mock-data creative ideation helper implemented in Python and requires no credentials or external services. Before installing: (1) be aware it returns mock/sample data (SKILL.md says 'MVP 骨架' and handler.py returns synthetic outputs), so don't expect production-quality analyses; (2) packaging is slightly sloppy (package.json points to a non-existent index.js and version fields differ) — this is not a security red flag but indicates the author may not have fully polished the package; (3) run the included tests (scripts/test.py) in a safe environment to verify behavior; and (4) avoid sending sensitive secrets or private data to the skill (even though it doesn't exfiltrate or call external networks, it's best practice). If you need production-grade integrations (real data sources, persisting outputs, or networked features), request or review an updated version that documents external dependencies and includes a clear install spec.
Like a lobster shell, security has layers — review code before you run it.
latest vk97f74nhqpme6p4wgjj8nw3r2984a6rq
