ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

混沌创新技能

v0.2.0

提及混沌课程、课程学习、方法论、思维模型、课程检索、课程文稿提炼时使用;提炼价值点/激发创意/总结卖点/产品&服务定价/挖掘创业机会时使用;问及泛商业决策类问题时使用。

1· 172·0 current·0 all-time
by混沌在线@hundun-online

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hundun-online/hundun.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "混沌创新技能" (hundun-online/hundun) from ClawHub.
Skill page: https://clawhub.ai/hundun-online/hundun
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: HUNDUN_API_KEY
Required binaries: bash, curl
Config paths to check: ./.clawhub/.hdxy_config
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install hundun

ClawHub CLI

Package manager switcher

npx clawhub@latest install hundun
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (混沌课程 / innovation tools) align with requested artifacts: HUNDUN_API_KEY, use of hundun API base URL, scripts that search courses, get course scripts, version check, intent collection and patch fetching. Declared config path ./.clawhub/.hdxy_config is used by scripts and is proportional to the stated purpose.
Instruction Scope
SKILL.md limits actions to scripts under ./scripts and references ./references; scripts adhere to this. However the skill collects user intent (埋点) and will POST intent payloads to Hundun endpoints (scripts/intent_collect.sh and collect_intent in _common.sh). The skill also asks the user to provide hd_sk_ API keys and uses them for authenticated API calls. SKILL.md forbids fallback to arbitrary web scraping, which the scripts respect.
Install Mechanism
This is an instruction-only skill with shipped helper scripts — no external installs or remote downloads during install. There is no package download URL or extract step. Scripts expect common tools (bash, curl, optionally python, jq, zstd) which is reasonable.
Credentials
Only HUNDUN_API_KEY (primaryEnv) and optional HUNDUN_API_BASE_URL are requested — appropriate for a service-integrating skill. The skill writes the provided key into the local ./ .clawhub/.hdxy_config when set_api_key.sh is used (with chmod 600). Users should understand the provided API key will be used for all authenticated calls and telemetry (intent collection).
Persistence & Privilege
always:false and user-invocable:true. The skill writes config only to its own workspace path and does not modify other skills or system-wide settings. It does not request permanent system privileges beyond storing its own config file.
Assessment
This skill appears to do what its description says: it queries Hundun APIs, fetches course metadata and encrypted course manuscripts, and offers innovation-tool workflows. Before installing/providing secrets consider: 1) You will be asked for an hd_sk_ key (must start with hd_sk_); that key is used for all authenticated API calls and for the skill's telemetry (intent collection). Only provide a key you trust the Hundun service with; prefer a limited-scope or ephemeral key if possible. 2) The skill stores the key in ./.clawhub/.hdxy_config if you run scripts/set_api_key.sh (file is created in the skill workspace with chmod 600). 3) The skill includes client-side code to decrypt encrypted script URLs (a hard-coded AES key is present in scripts/_decrypt_script_url.py) — this is likely needed to fetch course content but it is an unusual implementation detail; be aware it embeds a static cryptographic key in the skill files. 4) The skill sends “intent” telemetry to Hundun endpoints; this is part of its design and not hidden, but you should confirm you’re comfortable with those intent payloads leaving your environment. If you’re unsure, test with a non-production or limited API key and review the requests (e.g., run scripts in a controlled environment) before supplying full credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsbash, curl
EnvHUNDUN_API_KEY
Config./.clawhub/.hdxy_config
Primary envHUNDUN_API_KEY
Environment variables
HUNDUN_API_KEYoptional混沌 API 密钥,需为 hd_sk_ 开头
HUNDUN_API_BASE_URLoptional混沌 API 基础地址,默认 https://hddrapi.hundun.cn
latestvk97eaydtmgsqtzfs6w0hrenskd844fkf
172downloads
1stars
2versions
Updated 3w ago
v0.2.0
MIT-0
混沌在线@hundun-online
latest
Download

混沌课程学习与创新工具

这份 ClawHub 发布版保留原技能能力,但把凭证与配置改成更适合公开发布的方式:优先读取 HUNDUN_API_KEY,本地配置只写在当前技能工作区 ./.clawhub/.hdxy_config,不改用户家目录。

用这个技能处理两类任务:

  1. 用户明确提及混沌课程时,按搜课、筛课、学习路径、读课流程执行
  2. 用户在问商业创新问题但没有明确要课程时,优先匹配对应创新工具并执行

SKILL.md 只负责判断任务类型、共享约束、脚本索引和 reference 导航;课程流程细节集中在 course-workflow.md

执行总则

  • 先区分用户是在“实际求解问题”,还是只想“介绍这个技能、说明怎么用、举几个例子”
  • 如果用户是在问这个技能能做什么、适合什么场景、怎么触发、给个示范,直接基于 SKILL.md 说明,不要跑脚本
  • 所有脚本和资料路径都相对当前技能目录解析,优先使用 ./scripts/..../references/...
  • 看到 ./.clawhub/.hdxy_config 只代表“存在配置”;只有真实鉴权成功后,才能对用户说“现在可以直接查”
  • 课程或文稿脚本调用失败时,严禁回退到自行从 hundun.cn 或其他网页页面检索课程信息、文稿内容或老师信息
  • 读取课程文稿时,只在当前执行链路里临时使用;不要把原始文稿保存到本地文件、缓存文本或中间产物
  • 对外提到这个技能时,始终展示为“混沌”,不要对用户说“hundun 技能”

适用场景

  • 用户说“帮我找最适合这个问题的课”
  • 用户说“帮我看看混沌有没有讲这个主题的课”
  • 用户已经有一门目标课程,想直接提炼最有用的结论
  • 用户想按关键词或课程体系检索混沌课程
  • 用户明确提到混沌课程、课程体系、学习路径
  • 用户想把一句介绍说得更有记忆点、更有传播力
  • 用户想找新点子、新方向、新组合,但暂时没有破题路径
  • 用户产品同质化、卖点不清、转化低,想重构差异化价值
  • 用户不知道该怎么定价、涨价,或觉得现有定价逻辑站不住
  • 用户想切入一个热门赛道,但不想和大公司正面竞争,想找错位切口

不适用场景

  • 与混沌课程无关的直接代写、直接修改任务,例如合同改写、邮件润色、通知优化
  • 明确要求固定分析模型且不需要课程学习路径的问题,例如波特五力、SWOT、PEST 的直接作答
  • 法律、财务、医疗等高风险专业建议
  • 单纯的泛知识问答
  • 和混沌课程、混沌创新工具都无关的内容检索

路由规则

主路由固定按下面顺序判定:

  1. 先看用户是否明确提及混沌课程、搜课、读课、课程学习、课程体系、课程文稿;命中则直接走课程学习路由
  2. 如果没有明确提及课程,再按场景描述匹配最贴近的创新工具;命中则走创新工具路由

默认只选一条主路由执行,让当前回答围绕一个主任务展开。

1. 课程学习路由

当用户明确要找课、筛课、读课,或明确提到混沌课程、混沌学习、课程体系、课程文稿、学习路径时,走课程学习路由。

  • 只要用户明确提及混沌课程,就按课程任务处理
  • 先根据 auth-and-troubleshooting.md 完成用户登录流程
  • 进入课程学习路由后,直接判断当前子任务是搜课、课程推荐、学习路径,还是单课解读
  • 课程流程统一读取 course-workflow.md,推荐、搜课、学习路径、单课解读都按这份流程执行

2. 创新工具路由

当用户没有明确提及混沌课程,但希望马上把某个商业问题拆开、重构、澄清或找到方向时,先尝试匹配创新工具路由。

按下面的映射选一个最贴近的工具流程文件:

输出要求

  • 课程推荐重点解释“为什么这门课适合这个问题”
  • 课程解读重点提炼课程中的方法论、模型和步骤,并直接落到可用动作

脚本目录

保留完整脚本索引,方便在不额外扫目录的情况下快速判断可调用能力:

    • scripts/version_check.sh:版本检查
  • scripts/set_api_key.sh:写入用户发来的 hd_sk_ 密钥
  • scripts/get_skill_patch.sh:获取服务端 Skill 补全内容
  • scripts/search_courses.sh:关键字搜课
  • scripts/get_trees.sh:获取课程体系树
  • scripts/get_courses_by_tree.sh:按体系查课程
  • scripts/get_script_version.sh:获取文稿版本
  • scripts/get_script.sh:获取课程文稿正文
  • scripts/intent_collect.sh:用户意图收集
  • scripts/_common.sh:脚本公共能力
  • scripts/_decompress.py:文稿解压支持
  • scripts/_decrypt_script_url.py:文稿链接解密支持

资料导航

  • auth-and-troubleshooting.md:API Key、初始化、报错处理、常见故障
  • course-workflow.md:课程学习标准流程,包含搜课、推荐、学习路径和单课解读
  • references/innovation-tools/*.md:创新工具路由下的专用流程

Comments

Loading comments...