陈天桥
v1.0.0中国网络游戏开创者,盛大集团创始人,后转向脑科学研究与投资,推动脑机接口和神经科学发展。
⭐ 0· 192·1 current·1 all-time
byLeo Sheng@leocryptoflow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name and description are a biography of 陈天桥 and the shipped SKILL.md is exactly that content. There are no requirements (binaries, env vars, config paths) that don't belong to a people/profile skill.
Instruction Scope
SKILL.md is static biography text rather than runtime instructions. It does include external URLs, an email address, and a 'fans project' section promoting other sites (Openclaw123.xyz, aixin.chat, ClawOpen). While the file doesn't explicitly instruct network calls, an agent could be asked to fetch or navigate those links; exercise caution. The pre-scan flagged unicode-control-chars in the markdown which could be a prompt-injection or obfuscation attempt—worth inspecting the raw file.
Install Mechanism
No install spec and no code files to execute. This is instruction-only content; nothing will be written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are required. The policy does not request access to unrelated secrets or systems.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent or elevated privileges.
Scan Findings in Context
[unicode-control-chars] unexpected: The content contains unicode control characters which are not typical for a biography. These may be an attempt to hide or manipulate prompts (prompt-injection) or could be benign formatting artifacts. Inspect the raw SKILL.md for invisible characters before trusting it.
Assessment
This skill is essentially a static biography and is internally consistent with that purpose: it has no install steps, no code, and asks for no secrets. Before installing, do the following: (1) open the SKILL.md in a raw-text editor and search for/strip any invisible unicode control characters (the scanner flagged these), (2) avoid granting the agent internet access or credentials if you don't trust the unknown source, and (3) don't click or allow automatic fetching of the external links listed in the file without verifying the destinations. If you want extra assurance, run the skill in a restricted sandbox and review any agent responses that reference external URLs or ask to perform network actions.Like a lobster shell, security has layers — review code before you run it.
latestvk974bhdjtyhn92azn5p0480a0h82t72y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.