ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

20 Agent Security Questions

Automation skill for 20 Agent Security Questions.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 23 · 0 current installs · 0 all-time installs
by@caidongyun
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes collecting, classifying, analyzing, and converting problems to research topics, but the repository contains only a tiny src/questions.sh that prints a usage message; there is no implementation of the stated capabilities or the advertised '20 questions'. This is a functional mismatch (likely unfinished or a stub), not an explained feature.
Instruction Scope
Runtime instructions tell the agent to run ./src/questions.sh add|list|analyze, but the script doesn't implement those actions and does not read files, network, or credentials. The instructions themselves don't instruct any data exfiltration, but they promise behaviors that are not present in the code.
Install Mechanism
No install spec and only a small local script are included. There is no downloading, extracting, or third‑party package installation; risk from installation mechanism is minimal.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. There is nothing requesting unrelated secrets or access.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and has default autonomous invocation settings. It has no apparent persistence or elevated privileges.
What to consider before installing
This package appears to be a stub: the README promises collection and analysis, but the only code is a placeholder script that prints usage. It's low-risk now (no network calls or credential requests), but it's functionally incomplete. Before installing or enabling it for autonomous use, ask the author for the real implementation or inspect any future updates closely. Run the skill in a sandbox to verify behavior, and avoid granting any credentials or elevated permissions unless the skill's full, concrete behavior is available and matches its description.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97bzn0gs85aa694rz0bms5hed8312g2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

name: agent-security-questions description: 工作问题收集与分析Skill - 收集AI Agent工作过程中的问题,分析风险,转化为研究课题 metadata: openclaw: emoji: ❓ version: 1.0.0

❓ agent-security-questions

工作问题收集与分析Skill

功能

  1. 问题收集 - 收集工作过程中的问题
  2. 分类分析 - 分析问题类型和风险
  3. 研究转化 - 将问题转化为研究课题
  4. 知识沉淀 - 沉淀为知识库

问题类型

类型说明
工作问题Agent工作过程中的问题
安全风险安全相关风险
机制问题智能体机制问题
产出问题产出质量问题
沟通问题人机协作问题

使用

./src/questions.sh add "问题描述"
./src/questions.sh list
./src/questions.sh analyze

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…