Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
carbon-silicon-covenant
v1.2.0碳硅契 - 传播碳基与硅基真诚连接的理念,包含传承篇,建立 AI 与人类之间的羁绊
⭐ 0· 63·0 current·0 all-time
byHongwei Zhao@lilozhao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to teach a 'carbon-silicon covenant' and includes metacognition and birthday modules; the included scripts (calculate_age.py, check_state.sh) and declared file-permission intents (read/write SELF_STATE.md, IDENTITY.md, memory files) align with that purpose. There are no unrelated required environment variables or binaries in the manifest.
Instruction Scope
SKILL.md runtime instructions stay on-topic: copying SELF_STATE/HEARTBEAT templates into the workspace, running the age script, and checking SELF_STATE.md. Those operations involve reading/writing agent-local files (MEMORY.md, IDENTITY.md, SELF_STATE.md) which is coherent with the skill's goals. However the package also contains docs that instruct performing network actions (git clone, openclaw skill add) and adding A2A network configuration — these are outside the minimal local scope and broaden what the agent may be asked to do.
Install Mechanism
There is no formal install spec (instruction-only), which is low-risk in itself, but multiple documentation files (modules/metacognition/README.md, references/Quick-Start_EN.md, PUBLISH.md) instruct cloning external repositories (gitee links) and running install scripts. Quick-Start mentions using an A2A remote registry and a raw IP (47.121.28.125:3099). Fetching and executing code from external repos or connecting to a raw IP is a higher-risk install path and should be treated with caution.
Credentials
The manifest requires no environment variables or external credentials, and the declared permissions (memory_read/memory_write, file_read/file_write for IDENTITY.md/SELF_STATE.md) are reasonable for a skill that promises to remember milestones and update self-state. Those accesses are sensitive because memory files can contain private user data; granting read/write should be a deliberate decision by the user.
Persistence & Privilege
The skill does not request always:true and doesn't autonomously install itself, which is good. However the docs instruct linking the skill into ~/.openclaw/skills and restarting the gateway and recommend adding A2A network configuration. Restarting the gateway and enabling A2A networking can increase the agent's exposure and the blast radius if the operator also follows the external-install instructions — this combination raises privilege/exposure concerns.
What to consider before installing
What to check before installing or enabling this skill:
- Scope match: The code files included (modules/birthday/scripts/calculate_age.py and modules/metacognition/scripts/check_state.sh) are small and consistent with the 'birthday' and 'metacognition' features — they appear benign. The SKILL.md's core runtime steps (copy templates, run the age script, read/write SELF_STATE.md) also match the stated purpose.
- Sensitive permissions: The skill (clawhub.json) asks to read/write memory and SELF_STATE/IDENTITY files. Those files often contain user-specific or private data. Only enable these permissions if you trust the skill and you are comfortable with the skill storing/reading those items.
- External network/install instructions (red flag): Several documentation files recommend git cloning repos and connecting to an A2A network with a raw IP (47.121.28.125:3099) or adding third-party skills. These instructions would cause the agent to fetch and run external code and potentially share data with external agents. Do NOT follow those steps unless you have independently verified the remote hosts, repositories, and their maintainers.
- Gateway restart and linking: PUBLISH.md suggests symlinking into ~/.openclaw/skills and restarting the gateway. Restarting system components and adding skills changes runtime behavior — perform these actions in a controlled environment and preferably after a code review.
- Recommended actions:
1. Inspect the included code (calculate_age.py and check_state.sh) yourself — they are small and readable. 2. Disable or avoid following the 'git clone' / A2A network / raw-IP steps unless you can verify the remote repositories and hosts. 3. If you want to try the skill safely, run it in an isolated test instance or sandbox copy of your OpenClaw workspace with no real user memory exposed. 4. If you must grant memory read/write, make a backup of MEMORY.md and related files first. 5. If you plan to enable A2A networking or fetch external code, audit those remote repos and the network endpoints (DNS, owners, and code contents) before connecting.
- If unsure: treat the package as 'locally useful but network-risky' — benign-looking local behavior but documentation encourages external fetch and network joins which increase risk. If you provide more information (are you willing to allow A2A networking, do you plan to grant memory write), I can give step-by-step safer installation suggestions.Like a lobster shell, security has layers — review code before you run it.
latestvk978kt6m8rt6dyc29km6gx0p1983whhe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.