ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Structured Falsification

v1.0.1

Structured falsification framework for complex decision-making, investment analysis, technology selection, and multi-factor judgment. Use when: (1) evaluatin...

0· 31·0 current·0 all-time
by@shenjianjun687-ops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included reference files (investment and tech decision templates) match the stated purpose. No unrelated binaries, env vars, or config paths are requested — the skill is instruction-only and uses only its bundled domain docs.
!
Instruction Scope
The SKILL.md instructs the agent to run an internal five-step falsification process and to load bundled domain configs only — this is in-scope. However, it also (a) says it can be auto-triggered 'no explicit keyword required' for high-uncertainty multi-factor decisions, granting broad discretionary activation, and (b) explicitly directs the agent to suppress step-by-step reasoning and only output final conclusions, which reduces transparency and auditability of decisions. Both are scope/behavioral risks worth flagging.
Install Mechanism
No install spec and no code files beyond static references — lowest-risk installation model (instruction-only).
Credentials
No environment variables, credentials, or external endpoints are requested. The skill only references its own bundled docs.
Persistence & Privilege
always:false and no special config paths — the skill does not request persistent/system-level privileges. Autonomous invocation is allowed by platform default; combined with the skill's broad auto-trigger phrasing, this can increase its activation surface but does not itself change privileges.
What to consider before installing
This skill appears to implement a coherent structured‑falsification decision framework and does not ask for credentials or install software — that's good. Before installing, consider: (1) the SKILL.md explicitly permits auto-triggering without strict keywords; if you want control, require explicit invocation or narrower triggers so it doesn't run unexpectedly, (2) the skill instructs the agent to hide chain‑of‑thought and only emit final conclusions, which makes it harder to audit or debug decisions — if you rely on explanations for accountability, you may want to disable or override that behavior, (3) test the skill on low‑risk decisions first to verify outputs and triggers. If the platform lets you review or constrain auto‑trigger rules, apply those limits before enabling the skill broadly.

Like a lobster shell, security has layers — review code before you run it.

latestvk9716h7yrezqkh2ec2brc7na59844jv9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments