Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dream Journal
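v1.1.1
A tool for recording, learning from, and analyzing dreams. When the user mentions dream-related content, it automatically extracts and learns new dream imagery, applies literary polish, and records entries by date. Supports automatic expansion of the imagery library, keyword search, and statistical analysis. It starts from zero and understands your dreams better the more you use it.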
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (dream journal with dynamic learning and LLM assistance) aligns with the included code's goal of extracting and saving dream imagery. However the SKILL.md repeatedly claims 'LLM 辅助分类' (LLM-assisted classification) while the provided Python script uses only local regex/rule-based heuristics and no model/API calls. That mismatch between claimed capability (uses an LLM) and actual implementation (no network/model integration) is unexpected and should be clarified.
Instruction Scope
SKILL.md promises automatic trigger detection when users mention certain phrases. The code provides functions to extract, learn, and save imagery but does not include any message-listening glue to implement automatic triggering itself — likely the agent runtime performs that integration. The SKILL.md lists output files (dreams.md, dream_stats.json) but the script writes dream_imagery_base.json, dream_imagery_db.json and user_imagery.json; I could not confirm creation of dreams.md or dream_stats.json in the visible code. These output-name mismatches and the absence of explicit event/listener code are scope inconsistencies to verify.
Install Mechanism
No install spec (instruction-only plus a small script) — nothing is downloaded or executed during install. This is low-install risk; the code will be present as provided and executed by the agent when invoked.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However the script writes persistent files into a hard-coded absolute path (/root/.openclaw/workspace/memory). That requires write access to that location and assumes a particular runtime layout and user (root). No secrets are requested or exfiltrated by the visible code.
Persistence & Privilege
The skill persistently stores user data (JSON and other files) in the workspace directory. always is false (good), but the agent can invoke the skill autonomously. Combined with persistent storage of potentially sensitive personal dream content, you should consider where that workspace is stored and who can access it.
What to consider before installing
Key things to check before installing:
- Clarify the LLM claim: SKILL.md says it uses an LLM for classification but the script contains only local regex/rule logic and makes no network calls — ask the author whether an external model is intended and how it would be invoked.
- Review data persistence: the script writes user data to /root/.openclaw/workspace/memory (dream_imagery_db.json, user_imagery.json, dream_imagery_base.json). Confirm that path is acceptable, that you are comfortable with persistent storage of personal/psychological content there, and whether the agent will create dreams.md and dream_stats.json as the docs promise.
- Portability & permissions: the hard-coded /root path assumes root access and may behave unexpectedly in non-root or multi-user environments; consider running the skill in an isolated container or changing the path to a user-scoped folder.
- Privacy: no network calls or credential requests are present in the visible code (good), but verify there are no hidden/updated versions that would add external endpoints. If you need strict privacy, audit or sandbox the script before use.
- Functional testing: run the script in a non-production environment to confirm which files are created, how triggers are handled by your agent runtime, and whether any additional behavior occurs when the agent invokes it autonomously.

Like a lobster shell, security has layers — review code before you run it.
