Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SBTI Personality Assessment

v1.0.0

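SBTI ("Silly Large-Scale Personality Indicator") personality assessment tool. Created by Bilibili uploader @蛆肉儿串儿; 31 questions, 15 dimensions, 27 personality types. When the user mentions: (1) the SBTI test, (2) the silly personality test, (3) "help me take the SBTI assessment", (4) "test what personality I am", (5) answering SBTI questions, (6) answering as a specified personality type. Not when the user only mentions "MBTI", "personality test", and similar...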

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and files (questions, types, calculate.py) align with a personality-quiz skill. However SKILL.md shows examples invoking `python3 scripts/calculate.py` while the registry metadata declares no required binaries; python3 should be considered a runtime dependency but is not declared.
Instruction Scope
SKILL.md instructs reading local files and running the included script only (no network or unrelated file access). However it references hidden Q31/Q32 and a hidden 'DRUNK' type: Q31/Q32 exist in references/questions.md and SKILL.md describes a DRUNK trigger, but scripts/calculate.py expects exactly 30 answers (Q1–Q30) and the TYPES mapping in the script does not include a 'DRUNK' pattern — meaning the documented hidden-type behavior is not implemented by the script. This is an internal inconsistency (likely a bug) that can cause unexpected results if the agent follows the SKILL.md.
Install Mechanism
No install spec (instruction-only with included files). Low risk — nothing downloaded from external URLs and no archive extraction. Included Python script is local and executed, which is expected for this skill's purpose.
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not read environment variables or make network calls. This is proportionate to a quiz/utility skill.
Persistence & Privilege
Skill does not request persistent presence (always:false) and does not modify other skills or system-wide settings. It only reads its bundled reference files and runs a local calculation script.
What to consider before installing
This skill is largely what it says: a local SBTI quiz using bundled question/type files and a Python script. Before installing:
1) Be aware the SKILL.md assumes python3 is available — the registry metadata does not declare this; ensure your environment has python3 if you want to run the script.
2) The README claims a hidden DRUNK type triggered by Q31/Q32, but the included calculate.py processes 30 answers (Q1–Q30) and the TYPES mapping lacks a DRUNK pattern — this mismatch means the hidden-type behavior is not implemented; if you expect that behavior, inspect/modify the script.
3) No network calls or secrets are requested, so there is no obvious exfiltration, but the skill will collect users' quiz answers (personal responses); consider privacy before logging or sharing results.
4) If you plan to use this autonomously, verify the script's logic and edge-case handling (input validation, hidden-question handling) to avoid surprising outputs.

Like a lobster shell, security has layers — review code before you run it.
