尸狗·警觉魄v2.0
ReviewAudited by ClawScan on May 10, 2026.
Overview
This security skill is broadly aligned with defense work, but it asks the agent to perform continuous monitoring and automatic response actions without clear scope, approval, or safeguards.
Treat this as a review-required security automation prompt, not a verified monitoring product. Before installing, decide whether it is allowed to monitor files, processes, networks, and logs, and require explicit approval before any account locking, file deletion, quarantine, blocking, or repair action.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent with real tools followed these instructions too literally, it could lock accounts, delete or quarantine files, or change systems without enough confirmation.
The skill defines automated playbooks that can lock accounts, isolate items, clear files, and repair systems, but it does not specify required user approval, scope limits, rollback, or containment.
剧本2:异常登录 → 识别 → 验证 → 锁定 → 通知 → 审计 剧本3:恶意文件 → 检测 → 隔离 → 分析 → 清除 → 修复
Only use this skill with explicit human approval before any blocking, locking, deletion, quarantine, or repair action, and define exactly which systems and files are in scope.
The agent may be encouraged to keep monitoring beyond the immediate user request if it has access to background or recurring execution mechanisms.
The skill encourages persistent 24/7 monitoring, but the artifacts do not define a stop condition, user-controlled lifecycle, storage boundary, or containment model.
持续监控 - 安全是持久战,7x24小时监控
Require the user to explicitly start and stop monitoring, avoid background persistence by default, and document what is monitored and where records are stored.
Security logs and forensic records can contain private file names, system details, credentials, or incident data if not carefully scoped.
The skill describes monitoring sensitive file access and retaining evidence/log traces, but does not define what data is captured, how long it is kept, or how it is protected from reuse or exposure.
文件监控:敏感文件访问检测 ... 证据保全 - 所有操作留痕,可审计可追溯
Define monitored paths, excluded sensitive locations, log redaction, retention limits, and who can access any stored evidence.
A user could over-trust generated security status reports or believe active monitoring and remediation occurred when the skill may only be producing text guidance.
The skill presents advanced operational capabilities, including real-time monitoring and automated response, even though the reviewed package contains only instructions and no implementation or declared integrations.
v2.0新增:威胁情报整合、实时监控、自动化响应
Make clear whether the skill only gives advice or actually operates tools, and require evidence-backed reporting for any claim that monitoring or remediation was performed.
If those other skills are required at runtime, their permissions and behavior could affect the overall safety of this skill.
The skill references other skills as dependencies, but those artifacts are not included in this review context.
依赖技能 - silicon-soul(硅灵决基础) - auto-healer(吞贼·净化魄) - task-planner(伏矢·路径魄) - load-balancer(雀阴·平衡魄)
Review the referenced skills separately before using them together, especially any skill that can heal, plan, balance, or execute remediation actions.