Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
0
v1.0.0
Zero represents the origin, the blank slate, the reset button. This skill handles initialization, zero-state operations, default values, infinite loops, and...
⭐ 0· 293·0 current·0 all-time
by openlang @openlang-cn
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (reset, zero-state, defaults) matches the content: the SKILL.md is a broad cookbook of initialization/reset patterns and zero-value handling. However the instructions repeatedly show a hypothetical '0' CLI (0 init, 0 db --wipe, 0 repo --fresh-start) but there is no install spec or binary provided. That means those commands are illustrative only — if an agent or user attempts to run them they will fail unless a separate '0' tool exists. The presence of destructive operations (db wipe, repo fresh-start, clear all data) is disproportionate unless a real tool is provided and clearly documented.
Instruction Scope
SKILL.md contains actionable shell snippets that can destroy data (db --wipe, clean, reset, repo --fresh-start, > zeroing files), demonstrates hiding data using zero-width characters, and shows infinite-loop constructs. The document does not constrain when or how these commands should be executed, nor does it require confirmation or safety checks. Because this is an instruction-only skill, an autonomous agent could follow these examples or suggest them to a user. The file also contains examples that enable covert data-hiding/exfiltration (zero-width spaces), which raises a prompt-injection / data-leakage risk.
Install Mechanism
There is no install spec and no code files — lowest-risk installation surface. Nothing will be written to disk by an installer because none is provided. However, because the skill references a '0' CLI with no provenance, any user expecting the tool to exist will need to find or install it separately; the SKILL.md gives no guidance on obtaining such a binary.
Credentials
The skill requests no environment variables, credentials, or config paths — that is proportionate for an instruction-only help doc. That said, many examples operate on local files and permissions (chmod, touch, clearing files) and on databases; those operations can affect sensitive data even without additional credentials. The SKILL.md also teaches hiding data using zero-width characters, which could be used to exfiltrate secrets without needing declared credentials.
Persistence & Privilege
always:false (not force-included) and disable-model-invocation:false (the agent may invoke it autonomously) — this is the platform default. There is no indication the skill requests persistent system-wide configuration or modifies other skills. Note: autonomous invocation plus the skill's destructive and covert instructions increases potential risk; consider restricting autonomous use if you don't trust the source.
Scan Findings in Context
[unicode-control-chars] expected: The skill explicitly discusses and demonstrates zero-width characters (U+200B) and zero-width-space examples; therefore the presence of unicode control characters in the document is plausible and expected for this topic. However, unicode-control characters are also a common technique for hiding payloads or for prompt-injection, so this finding warrants extra scrutiny of any files or inputs the skill suggests manipulating.
What to consider before installing
This skill is an instruction-only document (no code or installer) that reads like a general-purpose cheat-sheet for 'reset' and 'zero' concepts. It includes clear examples of destructive commands (db --wipe, repo --fresh-start, cleaning caches) and techniques for hiding data with zero-width characters. Before installing or using: (1) Verify the origin — there's no homepage or publisher info. (2) Do not run the destructive example commands on production systems; test in an isolated environment. (3) Be cautious with any example that hides text using invisible characters — such techniques can be abused to exfiltrate secrets or evade inspection. (4) If you permit autonomous invocation, consider disabling it or restricting the skill until you confirm its behavior, because the skill provides direct, unchecked examples that could modify or delete data. (5) If you expect a '0' CLI to exist, ask the author for the binary/source and installation instructions; the SKILL.md provides none. If you want safer use, request the author add explicit confirmations and safeguards around destructive operations and remove or clearly mark covert-character examples.
Like a lobster shell, security has layers — review code before you run it.
latestvk97ftxn0rfxfp8ae6fdk5p288d82rgct
