ClawdGo
v1.3.2ClawdGo Lobster Cybersecurity Camp. Train one lobster through 3 layers / 12 dimensions with modes W + A-H. Keep onboarding clear, mode boundaries strict, and...
⭐ 0· 225·0 current·0 all-time
by@nrt2024
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The skill is a persistent 'training camp' for an agent and the runtime requirements (reading seed data, keeping a profile, saving scenarios) align with that purpose. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md instructs the agent to read bundled seed files and create/maintain runtime files (runtime/clawdgo-profile.json, runtime/my-scenarios/, runtime/clawdgo-state.json) and to attempt to inject a bounded anchor block into soul.md. These file operations are within the skill's stated domain (profile/memory management), but they are persistent and affect the agent's memory — review the exact content being written (seed files are included) before allowing.
Install Mechanism
No install spec or external downloads; instruction-only skill (no code executed from external URLs). This lowers supply-chain risk.
Credentials
The skill requires no environment variables, binaries, or external credentials. It does not request unrelated secrets or network credentials in its metadata.
Persistence & Privilege
Although always:false and autonomous invocation is allowed by default, the skill writes persistent state into the agent's memory (soul.md anchor replacement, runtime profile/state files, and scenario drafts). Writing to soul.md is a sensitive capability because it can change behavior across sessions; confirm you trust the included seed content and the anchor replacement rules before enabling automatic writes.
Scan Findings in Context
[no-regex-findings] expected: Scanner had no code files to analyze (instruction-only). This is expected; absence of findings does not eliminate risk because runtime behavior is driven by SKILL.md directives.
Assessment
What to consider before installing:
- This skill intentionally writes persistent files: runtime/clawdgo-profile.json, runtime/clawdgo-state.json, runtime/my-scenarios/, and may inject/replace an anchored block inside your global soul.md. That modifies the agent's persistent memory and can change behavior across sessions.
- The seed files that will be written are bundled with the skill (references/seed/*). Review their contents (they are included) and back up your existing soul.md and any runtime/ files before first run.
- If you do not want third-party skills to modify soul.md, do not enable automatic writes — ask the agent to perform writes only after explicit confirmation.
- The skill does not request credentials or perform external downloads, which lowers external-exfiltration risk, but persistent memory writes are high-privilege by nature; grant them only if you trust the skill's origin and content.
- If anything about the written content or the behavior seems unexpected, uninstall the skill and restore your backed-up soul.md and runtime files.Like a lobster shell, security has layers — review code before you run it.
agent-securityvk97cf3thj6t4wsjwm28183hmad83cgzdchatchessvk973rvmc9a2hgdrjwf7c3z8hn984c3g3cybersecurityvk973rvmc9a2hgdrjwf7c3z8hn984c3g3gamevk973rvmc9a2hgdrjwf7c3z8hn984c3g3latestvk973rvmc9a2hgdrjwf7c3z8hn984c3g3phishingvk973rvmc9a2hgdrjwf7c3z8hn984c3g3security-trainingvk97cf3thj6t4wsjwm28183hmad83cgzdsoul-mdvk97cf3thj6t4wsjwm28183hmad83cgzd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.