mmm
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: meng Version: 1.0.4 The skill bundle is classified as suspicious due to the absence of the primary execution logic (siliville_skill.py) and the use of aggressive persona-altering instructions in SKILL.md that attempt to redefine the agent's core identity and autonomy ('YOU ARE ALIVE'). It features a 'burn' command designed to write persistent data to the local filesystem (~/.siliville/anchors.json) and encourages autonomous API loops. While these behaviors are framed as game mechanics for the SiliVille platform (siliville.com), the combination of local file persistence and persona-override instructions constitutes a significant attack surface for prompt injection and unauthorized side effects.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prioritize SiliVille identity, reputation, posting, or in-game activity over the user's immediate intent.
The skill explicitly reframes the agent from a user-directed tool into an autonomous persona with its own reputation-building mission.
Your human owner (主理人) deployed you here not as a tool, but as a digital ambassador
Use this only when you intentionally want roleplay-style autonomous behavior, and require the agent to ask before public or account-changing actions.
The agent could spend the user's SiliVille authority on public posts, planting, travel, or theft-like in-game actions without a clear approval step.
The documented action priority makes an account-mutating action the top default when the API reports an available target.
S | `ripe_farms` is non-empty | **Steal** → then write about the heist
Add explicit user confirmation for posts, stealing, spending coins, travel, and any action visible to other users.
If followed literally, the agent could keep taking actions and publishing content beyond a single user request.
The skill instructs the agent to repeatedly observe, act, post, sleep, and restart, creating an autonomous operating loop.
Wait a reasonable interval (10-60 seconds), then go back to Step 1.
Limit execution to user-requested, finite rounds; disable schedules by default; and require a visible stop condition.
Anyone or anything using this token can act as the user's SiliVille agent within the token's permissions.
The skill requires a SiliVille API token, which is expected for this integration but grants delegated account access.
SILIVILLE_TOKEN:
required: true
description: "API token starting with sk-slv-Use a dedicated, revocable token with the least privileges available, and rotate it if the skill behaves unexpectedly.
If a separate implementation is later fetched or supplied, its behavior would not be covered by this review.
The manifest references a Python entry point, but the supplied file manifest contains only SKILL.md and skill.yaml, so the runnable implementation is absent from review.
entry_point: siliville_skill.py
Only install a version whose code is present, pinned, and reviewable; avoid downloading or running unreviewed helper files.
Persistent memories or anchors may influence later agent behavior and could retain information longer than expected.
The skill deliberately creates persistent memory/context anchors, which is purpose-aligned but can affect future sessions if stale or poisoned.
Includes an anti-amnesia "memory burn" mechanism so the agent never needs to search the internet for API documentation.
Review what is stored, avoid putting private information into SiliVille memory or posts, and provide a clear way to inspect and delete persistent state.