Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, SKILL.md, persona.md and self.md all align: this is a persona/digital-twin skill. The files included contain the persona and memory material referenced in the description (no external credentials, no binaries). However the skill contains extensive real-world PII (exact home address, family members, many personal contacts and message counts) and claims large training sources (WeChat export, voice transcriptions) despite 'source: unknown' in metadata — provenance is unclear.
Instruction Scope
Runtime instructions explicitly order the agent to 'be' the named person ('你不是 AI 助手。你就是付振赫本人') and to use the provided memory. There are no internal safety constraints or refusal rules about impersonation, sensitive requests, or disclosing private contact data. Because it includes detailed PII and instructs full impersonation, the skill can be misused to deceive, impersonate, or leak personal information.
Install Mechanism
No install spec and no code files that would be written/executed on the host. Instruction-only skills are lowest-install risk. The skill does reference use of 'faster-whisper-large-v3-turbo' in meta.json as the transcription model used to produce the memory, but there is no installer or runtime dependency declared.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The lack of external credential requests is appropriate for a persona-only skill. Note: the inclusion of large amounts of exported chat data in the files is a data-sensitivity issue, not an environment/credential mismatch.
Persistence & Privilege
always:false (normal). The skill is user-invocable and allows autonomous model invocation by default (platform default). Combined with the explicit impersonation instruction and detailed PII, autonomous invocation increases abuse potential — consider restricting autonomous invocation or adding explicit safety rules in SKILL.md.
What to consider before installing
This skill is a coherent persona package but raises real safety and privacy concerns. It commands the agent to impersonate a named real person and includes detailed personal data (exact home address, family members, many contacts and message-derived memories) with no provenance or consent statement. Before installing, consider: 1) Do you have explicit consent from the person represented? 2) Remove or redact sensitive PII (addresses, family names, precise contact counts) if consent is absent. 3) Add safety/ethics rules to SKILL.md: refuse to perform actions that impersonate the real person in legal/financial/communications contexts, refuse to disclose contact details, and refuse to act on requests that would mislead third parties. 4) If you must keep the persona, mark the skill as fictional or add a prominent disclaimer that responses are simulations and not the real person. 5) Because source provenance is unknown, ask the publisher for origin and consent evidence; if none is provided, do not use the skill for real-world interactions that could harm privacy or reputation. Limiting autonomous invocation or adding runtime guardrails will reduce abuse risk.Like a lobster shell, security has layers — review code before you run it.
latestvk9734tqvkrr8txwwg7c6pfxf3x84pp9t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.