聊天助理
v0.1.1聊天助理技能。当用户不知道怎么回复女生、不知道怎么说开场白、想知道女生某句话什么意思、聊天卡壳了、不知道怎么约女生出来时触发。功能:分析女生回复的情绪和意图,给出3-5个幽默风趣又有梗的回复选项,附带分析思路和踩雷提示。关键词:怎么回复、怎么回、她说什么意思、不知道怎么聊、聊天卡壳、怎么约她出来、怎么开场白、聊天...
⭐ 0· 114·0 current·0 all-time
by@mahaodl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (聊天助理 — produce replies, analyze intent, give options and warnings) match the included SKILL.md and the two scripts. The scripts implement phrase matching, reply generation, and canned opening/escalation lines which align with the stated purpose.
Instruction Scope
SKILL.md instructs only how to provide message-based reply suggestions and analysis; it does not ask the agent to read system files, environment variables, or send data to external endpoints. The code likewise reads only its command-line arguments and static in-file data and prints results to stdout.
Install Mechanism
There is no install spec (instruction-only at runtime), which is low risk. Two JS scripts are bundled so the agent could execute them locally. No remote downloads, no extract steps, and no package dependencies. Minor inconsistency: package.json points main: "index.js" but no index.js is present, and package.json version (0.1.0) differs from registry metadata (0.1.1) — likely a packaging oversight but worth noting.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The JS files do not access process.env or network APIs; they operate on provided text only. This is proportionate to the described functionality.
Persistence & Privilege
Skill flags are default (always: false, user-invocable: true). The skill does not request permanent presence or modify other skills or system settings. There is no evidence it would persist credentials or alter agent configuration.
Assessment
This skill appears internally consistent and low risk: it asks for no secrets and the code works locally on input text. Before installing, consider: 1) run the scripts in a sandbox (or inspect them yourself) — package.json references a missing index.js and a mismatched version, which suggests minor packaging sloppiness; 2) test with non-sensitive, non-identifying example messages (the skill is designed to craft interpersonal replies and may produce manipulative suggestions you might not want to use blindly); 3) confirm there are no network calls in any future updates (this version has none); and 4) if you plan to allow autonomous invocation, be aware the skill can be called without immediate human oversight — keep an eye on outputs and revoke if behavior is undesirable.Like a lobster shell, security has layers — review code before you run it.
latestvk974kbtyk7me2ehfkydc69n6x183jgps
License
MIT-0
Free to use, modify, and redistribute. No attribution required.