Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Poetry Master - Chinese Classical Poetry Review
v1.2.0诗词雅韵助手——中华传统诗词专业点评与润色。此技能应在以下场景触发:用户提交古体诗、近体诗(五绝、七绝、五律、七律)、宋词、元曲等中华传统诗词作品并请求点评、赏析、修改或润色;用户询问诗词格律(平仄、押韵、对仗、词谱);用户请求诗词创作指导或灵感建议。覆盖体裁包括但不限于古风、绝句、律诗、词(小令、中调、长调)、...
⭐ 0· 59·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (格律校验、点评、润色) match the included assets: local词谱/韵书 references and an automation script to call the online validator (搜韵网). Nothing requested is disproportionate to performing poetry analysis.
Instruction Scope
SKILL.md explicitly instructs using local reference files first and then using sou-yun.cn as the final authority. The included script automates submitting the user text to https://sou-yun.cn/AnalyzePoem.aspx or AnalyzeCi.aspx and scraping the result. That behavior is expected for an authoritative meter check, but it does mean user-submitted poems are sent to an external website (搜韵网).
Install Mechanism
The registry has no formal install spec (instruction-only), but the repo includes a Node.js script that requires Playwright and a headless browser (Chromium). Playwright/Chromium must be installed separately (SKILL.md documents this). The script does not download arbitrary code from unknown personal servers; the live interaction is with sou-yun.cn. Still, running Playwright will download browser binaries (official Playwright sources), so the operator should expect that extra network downloads will occur during setup.
Credentials
The skill requires no environment variables, no credentials, and no access to unrelated config paths. The script does not read environment secrets or attempt to access system credentials.
Persistence & Privilege
always:false and no evidence the skill auto-modifies agent/system-wide configuration. The skill does not request elevated or persistent privileges.
Assessment
This skill appears to do what it says: it uses offline rhyme/metric references and (optionally) a Playwright script to validate results on sou-yun.cn. Before installing or running the script, consider: 1) any poem text you submit via the script will be sent to https://sou-yun.cn for analysis — do not submit anything you consider sensitive or private; 2) the script requires Node.js, the Playwright package, and a Chromium browser (Playwright will download browser binaries when installed); 3) there are no requested credentials or hidden endpoints, and the script only extracts and returns the page text — review the code if you want assurance it doesn't post data elsewhere; 4) if you cannot or do not want to install Playwright, you can perform the sou-yun.cn checks manually as the SKILL.md describes. If you want greater assurance, run the script in an isolated environment (container/VM) and inspect network traffic or the console output before trusting it with real user data.Like a lobster shell, security has layers — review code before you run it.
chinesevk97dsng8jyjkqfkg02824bwb2d83tmzhci-poemvk97dsng8jyjkqfkg02824bwb2d83tmzhclassicalvk97dsng8jyjkqfkg02824bwb2d83tmzhlatestvk97dsng8jyjkqfkg02824bwb2d83tmzhpoetryvk97dsng8jyjkqfkg02824bwb2d83tmzhreviewvk97dsng8jyjkqfkg02824bwb2d83tmzh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.