Engineering
v1.0.0建设工程专业工程咨询技能,支持从DIY项目到专业实践的全方位工程理解与技术指导
⭐ 0· 33·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description (Chinese engineering consultancy, from DIY to professional practice) align with the SKILL.md content. The skill is instruction-only and does not request binaries, credentials, or unrelated capabilities.
Instruction Scope
Runtime instructions are limited to adapting responses by user level, citing standards, giving calculations, and prompting for professional review when appropriate. The document does not instruct reading system files, environment variables, or contacting external endpoints. However, the SKILL.md includes strong language to always disclose assumptions and safety limits (appropriate for engineering advice).
Install Mechanism
No install spec and no code files — lowest-risk form. Nothing is downloaded or written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are required. The skill does not ask for secrets or system access and the declared requirements are minimal and proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent inclusion or elevated privileges. Autonomous invocation is allowed by default but is not combined with other concerning factors.
Scan Findings in Context
[unicode-control-chars] unexpected: Scanner detected Unicode control characters in SKILL.md. Such characters can be used to hide or alter visible text (prompt-injection technique). The visible content appears coherent and benign, but you should inspect the raw file (hex view) for hidden characters before trusting or deploying the skill.
Assessment
This skill appears to be what it claims: a Chinese-language engineering guidance template that asks for no installs or credentials. Before installing or enabling it broadly: 1) open the raw SKILL.md in a hex-aware editor to confirm there are no hidden Unicode control characters or invisible instructions; 2) verify the skill owner/source if possible (metadata ownerId differs between manifest and registry entry—confirm provenance); 3) treat its output as advisory: for any work affecting safety or code compliance, get a licensed engineer to review and sign off; 4) run the skill in a sandboxed agent first and avoid pasting sensitive credentials or proprietary drawings into the chat. If you find hidden control characters or other unexpected content, do not enable the skill and report it to the platform.Like a lobster shell, security has layers — review code before you run it.
latestvk970vptdvb508808y9dqe8g7cs849n6e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⚙️ Clawdis
OSLinux · macOS · Windows