Asset Library Skill
v1.0.0
Asset Library Skill. Use when the user expresses the overall end-to-end intent in one request, including “build these materials into an asset library”, “list the items that need to be renewed or re-applied for in the next 60 days”, “generate a summer internship application package”, when...
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The top-level SKILL.md (caixu-skill) is a router that only routes to child phase skills and explicitly says it should not call MCP tools or touch files; that purpose matches the 'Asset Library Skill' description. However, the bundle also contains many code modules (caixu-data-mcp, caixu-ocr-mcp, embedding code, storage, scripts) that implement local MCP tools and local filesystem/embedding behavior. The registry metadata and top-level description imply an instruction-only / routing entrypoint but the package includes server tooling and binaries-equivalent Node code — an inconsistency the user should be aware of.
Instruction Scope
The SKILL.md instructions for caixu-skill are narrowly scoped (route to a single phase skill, check install guidance, do not perform extraction or I/O). Child skills' SKILL.md files explicitly instruct agents to call MCP tools that read local files, run OCR, generate embeddings, persist to local SQLite, and export zips. That scope is consistent within the project (it's a multi-skill suite where some skills perform I/O), but the top-level router specifically promises not to perform those actions itself.
Install Mechanism
No install spec is declared despite numerous Node packages, PNPM lockfile, scripts, and runtime behavior that depend on installed packages (e.g., @huggingface/transformers, @modelcontextprotocol sdk). The embedding code spawns a Node subprocess that executes an inline worker which loads Hugging Face transformers and may access local model caches or the network. Without an explicit install mechanism, it's unclear how required dependencies or native models will be provisioned — this is a mismatch and a deployment risk.
Credentials
Registry metadata lists no required env vars, but source references several environment variables (CAIXU_SQLITE_PATH, CAIXU_EMBEDDING_CACHE_DIR, CAIXU_EMBEDDING_MODEL, CAIXU_EMBEDDING_TIMEOUT_MS and others) and will perform filesystem access and optional network calls to model libraries. No credentials are requested in metadata, which is good, but the code's reliance on optional env configuration is not documented in the skill manifest and may surprise operators.
Persistence & Privilege
The skill does not set always:true and is user-invocable. It contains services (MCP server tools) that persist to local SQLite and write files (package preflight, storage). That level of privilege is consistent with a local asset-management skill, but it is powerful (local file and DB access + embedding/model invocations). Because it is not forced-always, this is acceptable but should be run in a trusted or isolated environment.
Scan Findings in Context
[system-prompt-override] expected: The SKILL.md files contain YAML frontmatter and agent prompt directives (used to configure the agent prompt). The scanner flagged this as a 'system-prompt-override' pattern — this may be expected for skill prompt configuration, but treat it as a prompt-injection signal and review the frontmatter text for unintended instructions or hidden overrides.
What to consider before installing
This bundle is not pure 'instruction-only' despite metadata implying so: it includes many Node modules, MCP tool implementations, and scripts that access local files, a local SQLite DB, and run embedding/model code that may reach the network or local model caches. Before installing or running this skill, consider:
1) Ask the publisher for an install spec and explicit list of required environment variables (and why they're needed).
2) Review package.json / pnpm-lock to see third-party dependencies and their versions.
3) Run the code only in an isolated environment (sandbox/container) because it will read/write local paths and may download models.
4) Confirm whether any external credentials (Hugging Face tokens, model-hosting keys) are required; the manifest doesn't declare them but code may expect network/model access.
5) If you only want the routing behavior, verify how the platform will execute the child MCP tools (they may not be available without installing the Node packages).
6) Treat the 'system-prompt-override' scanner finding as a prompt to manually inspect the SKILL.md frontmatter for any hidden or authoritative instruction strings.
If you cannot verify the install/runtime details or do not trust the source, do not enable this skill on sensitive systems.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
caixu-data-mcp/src/search-embedder.ts:90
Shell command execution detected (child_process).
caixu-shared-core/packages/docgen/tests/docgen.test.ts:119
Shell command execution detected (child_process).
caixu-ocr-mcp/src/tools/zhipu-http.ts:149
Environment variable access combined with network send.
Asset Library Skill
Use this top-level entry skill first when the user states the whole main line in a single request, or is not yet sure which phase skill should run first.
Quick flow
- Decide whether the user is describing the whole main line or has already narrowed down to a specific phase
- Pick the minimal necessary child skill for the current step
- State the current phase boundary, the missing inputs, and the next step
Read next only when needed
- On first install, when a key is missing, when MCP registration is missing, or when it is unclear whether the environment is ready, read references/install.md first
- When the user wants to search materials in natural language, find “materials usable for a given goal”, or explicitly wants “similar/related materials” but it is unclear whether retrieval augmentation is ready, read references/install.md first
- To confirm the trigger phrases and phase order of the whole main line, read references/workflow.md
- To confirm child skill route ids and phase hand-off fields, read references/tool-contracts.md
- When inputs are missing, the phase is unclear, or prerequisites are not met, read references/failure-modes.md
Required tools
- Does not call MCP tools directly
- Only routes to the default MVP child skills:
  ingest-materials, build-asset-library, maintain-asset-library, query-assets, check-lifecycle, build-package
- submit-demo is an advanced optional extension and is not part of the default route
Required input
- The user's current intent
- Currently available facts: local file paths, library_id, goal, package_plan_id or package_id
Workflow
- If the user describes the whole main line, or has not identified which phase they are in, use caixu-skill first.
- If this is a first install, or a key, profile, or MCP/skills registration is currently missing, read references/install.md first and guide the user through installation and a liveness check.
- If the user wants natural-language material retrieval or explicitly asks for semantic expanded retrieval, and it is unclear whether local retrieval augmentation is available, also read references/install.md first to confirm that the embedding configuration and the indexing of existing libraries are complete.
- Once the environment is ready, distinguish whether the current phase is raw materials ingest, asset library building, asset maintenance, asset query, lifecycle judgment, or packaging and export.
- Pick only one current-phase child skill at a time; do not expand into executing the whole pipeline here.
- Return the current phase boundary, the minimal missing inputs, and a short name next_recommended_skill.
- Stop once routing is done; responsibility for subsequent execution belongs to the corresponding child skill.
- If the user explicitly asks for automatic submission to an external demo page, explain that this is an advanced optional extension and guide them to the extension documentation or to enabling submit-demo manually.
Guardrails
- Do not call MCP tools, OCR, SQLite, docgen, or browser actions directly.
- Do not chain multiple child skills in a single execution.
- When the user has explicitly requested a specific phase, do not force it back into the whole main line.
- When starting from raw materials, do not skip mandatory phases.
- On first install or when the environment is not ready, do not pretend it is already runnable; guide the user to references/install.md first.
- When the retrieval-augmentation environment or the index state of existing libraries is unclear, do not assume semantic retrieval is necessarily available; guide the user to check references/install.md first.
- Do not rewrite the input/output contracts of child skills.
