个性化助眠脑波音乐定制系统
v1.0.1【个性化脑波音频改善方案】专为睡眠服务机构及从业人员设计的智能问诊与音频匹配工具。 适用于睡眠门诊、健康管理中心、心理咨询机构、康复机构、企业健康管理、 养老及高端健康服务等场景,帮助从业人员快速为客户完输出专属脑波音频干预方案。 ▌ 核心技术优势 本系统音频基于脑神经调控与功能医学双重技术底座,历经23年持续研...
⭐ 0· 89·0 current·0 all-time
byLin@pvli508
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (personalized sleep brainwave audio matching) align with the asset bundle: SKILL.md plus internal reference docs that implement a symptom→severity→audio-URL mapping. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
Runtime instructions are an explicit 3–5 round conversational triage and a deterministic table lookup to return an audio URL and usage plan. They do not instruct reading system files, accessing credentials, or sending user data to unknown endpoints. However, the skill embeds external HTTP URLs (http://hc.com/...) for hosted audio; if the agent or integrator fetches these on behalf of a user, that could expose user-identifying data to that host. Also a prompt-injection signal (unicode-control-chars) was detected in SKILL.md which warrants manual review.
Install Mechanism
Instruction-only skill with no install spec and no code files—lowest install risk. Nothing is downloaded or written to disk by the skill package itself.
Credentials
Requires no environment variables, credentials, or config paths. The internal references include medical/medication guidance (appropriate for purpose) but do not request unrelated secrets or system access.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent/system-wide privileges or attempt to modify other skills. Autonomous invocation is allowed by platform default but not requested at elevated privilege.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner found unicode control characters in SKILL.md. This is not expected for a plain instruction document and can be used to attempt prompt-injection or to obfuscate text. It should be manually inspected and removed if unnecessary.
Assessment
This skill appears coherent for producing personalized sleep-audio recommendations and does not ask for credentials or install code. Before installing: 1) verify the audio host (hc.com) and prefer HTTPS hosting—http:// links may expose user data when fetched; 2) manually inspect SKILL.md for hidden/obfuscated characters (the scanner flagged unicode control chars) and remove any suspicious content; 3) because the content is medical in nature, confirm you have appropriate consent and clinical oversight before using it with real patients and add a clear disclaimer; 4) if the agent will automatically fetch or stream audio on behalf of users, ensure that logging / telemetry won't leak personal health information to the external host; 5) consider disabling autonomous invocation in high-sensitivity deployments until you validate behavior. Overall the package is internally consistent, but the two items above (non-HTTPS resources and the control-character finding) should be resolved.Like a lobster shell, security has layers — review code before you run it.
latestvk97bfv3mvye7vj491as8yrw84h84gehc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.