642件可写的小事
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: nexus-642things Version: 1.0.0 The skill is a specialized generator for a creative writing H5 application ('642-things-to-write.html'). The instructions in SKILL.md provide detailed UI/UX specifications, including CSS tokens, SVG icon handling, and LocalStorage logic for data persistence. There is no evidence of data exfiltration, malicious execution, or prompt injection intended to compromise the agent or user data; the application is designed to be a self-contained, offline-capable tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and invoking the skill may create or overwrite an HTML file in the workspace or another path the user provides.
The skill directs the agent to write an output file, including to a user-specified path. This is expected for an app generator, but it is still a workspace mutation.
默认输出到当前工作区的 `data/642-things-to-write.html`。若用户指定路径则使用用户路径。
Use a safe output path and avoid pointing the skill at important existing files unless you intend to replace them.
Opening the generated HTML file will run the generated browser code for the writing app.
The generated artifact is a runnable HTML/JavaScript application. That is central to the skill's stated purpose and no hidden execution mechanism is shown.
单文件 H5 应用(`642-things-to-write.html`),零外部依赖,可直接在浏览器运行。
Keep the generated file local unless you choose to share it, and review the file if you need assurance about its browser behavior.
Personal drafts or creative writing entered into the app may remain available in the generated app's saved works area.
The app specification includes saving writing and showing a works collection, indicating user-authored content may be retained by the generated app.
写作面板(Write Panel)... 保存按钮 ... 作品集 ... 作品列表 / 空状态
Avoid entering sensitive writing unless you are comfortable with how the generated app stores it, and use the app's delete controls or remove the local file if needed.