ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

KingOfZhao Decision Framework

v1.0.0

决策框架 Skill —— 已知/未知驱动的结构化决策系统,置信度加权+红线拦截+决策记忆

0· 65·1 current·1 all-time
by@kingofzhao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (decision framework for known/unknown-driven decisions) matches the SKILL.md content (KUWR method, scoring, redline checks, decision memory). However the SKILL.md shows a Python usage example (from skills.decision_framework import DecisionFramework) and an install command (clawhub install decision-framework) while the skill bundle contains no code files or install spec. That mismatch (documentation claiming code/API that isn't included) is unexplained.
Instruction Scope
The runtime instructions are limited to decision structuring, scoring, redline checks, and recording decision-memory files (decisions/{date}_{id}.md). They do not instruct reading unrelated system files or exfiltrating secrets. The decision-memory convention implies writing files to the workspace; that is expected for this purpose but should be noted.
Install Mechanism
No install spec is present (instruction-only), which is low risk. The SKILL.md nevertheless references an external installer command (clawhub install decision-framework). Because no install artifacts or code are included, it's unclear whether that command fetches trusted code or whether the platform is expected to provide the implementation—this ambiguity should be resolved.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The declared requirements are minimal and proportionate to a documentation/methodology skill.
Persistence & Privilege
always is false and there's no indication the skill requests elevated or persistent platform privileges. It includes instructions to save decision records to a workspace path, which is reasonable for a memory/recording feature.
What to consider before installing
This appears to be a documentation-only decision framework (method + examples) rather than an actual packaged Python module. Before installing or running anything: 1) Confirm the source—visit the provided GitHub link and verify whether implementation files exist and are trustworthy. 2) Ask the author or maintainer where the referenced Python module and the 'clawhub install' artifacts come from; the package bundle you provided contains no code. 3) If you accept running this, run it in an isolated workspace because the framework expects to write decision records (decisions/{date}_{id}.md) which may contain sensitive decision rationale. 4) Because no credentials are requested, there is no obvious secret-exfiltration risk in the files shown, but the missing implementation and ambiguous install path are the primary concerns to resolve. If the author supplies the missing code, re-evaluate that code (or share it) before trusting automated execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk9767brchgyp1e31jfmm86pf3983z6j6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments