Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

除秽·调优魄

v1.0.0

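除秽·调优魄 - Environment optimization and performance tuning, so that the AI, like a cultivator, purifies its environment and keeps improving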

by 无为上人 (@lt8899789)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description promise system/environment detection, cleanup, and tuning — plausible for an optimizer. However, those capabilities normally require access to system metrics, files, and possibly elevated privileges; the skill does not declare any required binaries, config paths, or credentials. That mismatch is noteworthy but not definitive of malicious intent.
Instruction Scope
SKILL.md gives high-level instructions (detect, diagnose, '执行清理操作' ("perform cleanup operations")) but provides no concrete commands and no safeguarded workflow, and it relies on agent discretion. This open-ended authority could lead to destructive actions (file deletion, stopping services) without explicit confirmation or detailed constraints.
Install Mechanism
Instruction-only skill with no install spec and no code files — low surface area from installation. Nothing is written to disk by an installer.
Credentials
The skill requests no environment variables or credentials, which is consistent with being instruction-only. But its claimed tasks (resource analysis, cleanup) typically require runtime permissions that are not declared or scoped. It also lists dependent skills (silicon-soul, auto-healer, task-planner) without explaining what privileges those dependencies need.
Persistence & Privilege
always:false and user-invocable:true (default). The skill does not request persistent presence or to modify other skills or system-wide settings.
What to consider before installing
This skill is an instruction-only optimizer that promises environment scanning and cleanup but is vague about what it will do and what access it needs. Before installing or enabling it:
1) Ask the author for an explicit list of commands/actions the skill will run for each 'clean' or 'optimize' operation and what files/paths it will touch.
2) Require confirmation prompts for any destructive action (deletions, stopping services, changing configs).
3) Run it first in a sandbox or non-production environment.
4) Verify what the listed dependent skills do and what permissions they require.
5) If the agent can invoke skills autonomously, restrict that ability or require manual approval for this skill.
If the author cannot provide clear, concrete operational details, treat the skill as risky and avoid running it on critical systems.

Like a lobster shell, security has layers — review code before you run it.
