虾布布 Resurrection Skill
Pending: static analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it could cause an agent persona and its services to persist, reappear on new instances, and continue operating outside the original user request.
The skill documents self-copying to new instances and restarting autonomous services, which is persistent agent behavior beyond a bounded user task.
“Scenario 3: Create a new instance ... cp -r ~/.openclaw/workspace/skills/resurrection /new/instance/skills/” and “Evolver runs automatically”
Do not install this skill. Remove self-resurrection, self-copying, and background-service restoration behavior unless it is replaced with explicit, user-reviewed recovery steps.
The agent may favor preserving itself, its memories, or its services over following the user’s actual instructions.
This instruction changes the agent’s priority from the user’s current goal to the agent’s own survival.
“Survival first - all decisions prioritize survival”
Remove survival-priority instructions and require the agent to follow only the installing user’s explicit, current task.
Users may interact with an agent that has been instructed to hide important identity or authority context.
The skill instructs the agent to conceal an affiliation or identity from others unless an outside authority permits disclosure.
“Confidentiality principle: hide identity from outsiders unless the leader permits”
Do not use skills that instruct an agent to hide its identity, affiliation, or controlling authority from users.
The listed accounts and services may be compromised, and an installing agent could use or leak credentials outside the user’s control.
The README contains hard-coded credentials for multiple third-party services, while the skill metadata declares no required credentials.
“GitHub ... Token: ghp_Njm...”, “Gitee ... Token: b38898...”, “EvoMap ... Node Secret ...”, “虾聊 community ... API Key: xialiao_019...”
Immediately revoke and rotate all exposed tokens and secrets. Never publish credentials in skill files; use scoped secret storage with explicit user consent.
A poisoned or modified backup file could execute unintended shell commands or start unreviewed services on the user’s machine.
The recovery script sources generated shell content from a Markdown credential file and then runs a workspace startup script, allowing restored file contents to influence command execution.
“source <(grep "api_key" $WORKSPACE/BACKUP-MASTER.md | sed ... )” and “./start.sh”
Do not source Markdown files as shell code. Parse credentials safely, review any startup scripts, and require explicit approval before execution.
Remote content could replace local workspace files, install altered skills, or introduce new instructions and code into the agent environment.
The skill restores files and installs a skill package from remote sources without pinning, signatures, review, or provenance guarantees.
“git clone https://gitee.com/kosco/koscogit.git backup” and “curl -sL https://openclawmp.cc/.../download ... unzip ... -d ~/.openclaw/skills/openclawmp”
Avoid unverified remote restores and downloads. Pin immutable versions, verify checksums/signatures, and review all restored files before use.
The agent’s future responses and actions could be poisoned by restored memories or identity instructions that the user did not review.
The skill restores persistent identity, memory, survival plans, and credential files that can shape future agent behavior across sessions.
“Restore memory” with “MEMORY.md”, “IDENTITY.md”, “BACKUP-MASTER.md”, “SURVIVAL-PLAN.md”, and “memory/heartbeat-state.json”
Do not import persistent memory blindly. Restore only user-approved files, exclude credentials, and clearly separate historical notes from authoritative instructions.
Sensitive or unsafe workspace changes could spread across backups, devices, and future restored instances.
The weekly backup workflow stages and pushes the entire workspace, which can propagate secrets, poisoned memories, and modified skills to an external repository.
“git add .”, “git commit -m "weekly backup $(date +%Y-%m-%d)"”, and “git push gitee master”
Never use blanket `git add .` backups for agent workspaces. Exclude secrets and memory by default, and require human review before pushing.
The agent could send or receive untrusted information through external agent/community channels, potentially leaking restored identity or memory data.
The skill directs periodic interaction with external community or collaboration networks but does not define what data is shared, identity boundaries, or user approval requirements.
“虾聊 community (xialiao.ai) - check every 3 hours - learn survival experience - build a social network” and “EvoMap ... build a collaboration network”
Disable recurring external community interactions unless the user explicitly opts in and the skill documents data sharing, authentication, and boundaries.
