Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
zero-loss-methodology
v1.0.0Executable AI-assisted research and planning that ensures zero content loss, zero hallucination, and full traceability across multiple source documents.
⭐ 0· 27·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (a methodology for zero-loss, traceable research) aligns with the instruction-only content: the SKILL.md is a detailed, self-configuring pipeline for ingesting sources, building scaffolds, and producing traceable outputs. The skill does not request unrelated credentials, binaries, or installs, so capability and purpose are coherent.
Instruction Scope
The instructions mandate creation of project directories and process artifacts and explicitly require outputs whose word count is >= the source content (i.e., effectively preserving or reproducing full source text). They also auto-populate 'authority sources' and imply fetching/verifying external references. This design can cause wholesale copying of user-provided source material into outputs and persistent archives, may trigger network fetching of external sites, and enforces application in any multi-document research task (scope creep). Those behaviours increase risk of accidental disclosure/exfiltration of sensitive data and broaden what the agent will do without fine-grained user consent.
Install Mechanism
Instruction-only skill with no install spec, no code files, and no binary requirements — lowest installation risk. Nothing is downloaded or written by an installer step.
Credentials
The skill declares no required environment variables or credentials, which is proportional. However, the instructions' implied actions (fetching external authority sources, archiving build scripts and full source copies) mean network access and file writes will be used at runtime; those behaviors are not reflected in any declared external endpoints or access constraints and could expose data if the agent or environment forwards outputs elsewhere.
Persistence & Privilege
The methodology explicitly creates persistent artifacts (Source-Inventory, Traceability-Matrix, BuildScripts, Process-History, Deliverables) and requires archiving build scripts and manifests for reproducibility. The skill does not request 'always:true' or special platform-wide privileges, but it does instruct the agent to store potentially large and sensitive copies of inputs and logs — increasing exposure through persistence even though no elevated system privileges are requested.
What to consider before installing
This skill is a detailed methodology rather than an installable program — the main risks come from what it tells the agent to do. Before enabling it, consider: (1) It requires preserving or reproducing source text (outputs >= input length), which can embed sensitive data into deliverables and archives — avoid running it on confidential inputs or modify the pipeline to redact sensitive fields. (2) It will create persistent project artifacts (inventories, manifests, build scripts) that you should manage with explicit retention and access controls. (3) The methodology suggests fetching external 'authority' sources — confirm network access and that retrieved content is acceptable to store/share. (4) Because the skill enforces broad application (use on any research task) and automated behaviours, test it on non-sensitive examples and require explicit user confirmation (GATE) before processing real data. If these behaviors are unacceptable, do not install or disable autonomous invocation/use and ask the skill author to provide options to limit copying, redaction, and external fetches.Like a lobster shell, security has layers — review code before you run it.
latestvk9787jrm1atphyjb4528bam1a5847bst
License
MIT-0
Free to use, modify, and redistribute. No attribution required.