Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DiePre Embodied Bridge

v1.0.0

DiePre embodied bridge layer: bridges 2D visual detection to 3D spatial understanding and robot action planning; a concrete implementation of the vision-action-evolution-loop

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md describes a Python class, six callable tools (diepre_vision.analyze, dimension_estimator, etc.), and examples that import skills.diepre_embodied_bridge, yet the registry entry contains no code files or install spec to provide those implementations. The stated purpose (2D→3D bridge and robot planning) would legitimately require code, binaries, or dependencies, none of which are present in this package—this mismatch is a functional/integrity concern.
Instruction Scope
The instructions explicitly direct the agent to write and read local files (evolution_log/{task_id}.json, params/evolved_params.json) and to run periodic heartbeat tasks that aggregate failures and update parameters. Those behaviors are coherent for an evolving robotics skill, but they introduce persistent local state and periodic background processing; verify you are comfortable with automatic logfile writes and periodic processing in the chosen workspace. The instructions do not request unrelated system credentials or specify external network exfiltration endpoints.
Install Mechanism
There is no install specification and no implementation files—only documentation. The README suggests 'clawhub install' or copying a skills/ directory, but the package does not include the code to be installed. This creates ambiguity: either the skill is a documentation stub (harmless but non-functional), or it expects the installer to fetch code from the referenced GitHub homepage (which is external and not vetted here). Lack of an explicit, auditable install mechanism is a risk.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate to the documentation-only package. The described runtime might in practice need model weights or hardware access (GPU drivers) but none are requested here—confirm what external resources the real implementation (if obtained) requires before running.
Persistence & Privilege
The skill's design includes persistent logs and a heartbeat-driven evolution loop (HEARTBEAT.md) that periodically reads logs and writes evolved parameters. It does not request elevated privileges or global 'always' inclusion, but the persistent file writes could accumulate data over time; if you install a real implementation, consider where logs are stored and retention/permission policies.
What to consider before installing
This package currently contains only documentation describing a substantial Python toolchain but provides no implementation or install steps that fetch code. Before installing or running anything:
1) verify the referenced GitHub repository actually contains the implementation and review its code for network calls, subprocess execution, or any secrets handling;
2) do not run unreviewed installation scripts or copy code from untrusted sources; prefer cloning the repository and auditing it first;
3) be aware the skill will create and update local logs (evolution_log/ and params/evolved_params.json); ensure those files won't leak sensitive data and run the skill in a sandboxed environment if possible;
4) confirm what external model weights, binaries, or drivers the real implementation needs (they may require extra permissions or downloads); and
5) if you cannot obtain or audit the implementation, consider this package non-functional and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

latestvk978qhm4j9d3dwx9f9w2vdba9d83z4zy
