Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cognitive Skill Factory
v2.0.1认知 Skill 工厂 v2.0 - 17 个顶级认知 Skill 合集 包含 10 个中国企业家/投资人 +7 个国际大师(乔布斯/马斯克/芒格/纳瓦尔/费曼/塔勒布/张雪峰) 用途:用顶级思维做决策,提高决策质量 触发词:「认知 Skill」「思维框架」「决策工具」「用 XX 的视角」
⭐ 0· 72·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (a bundle of 17 cognitive/decision-making sub-skills) aligns with the provided SKILL.md, manifest, and install guidance — there are no unexpected required env vars, binaries, or privileged permissions. However, the manifest lists 17 skills while the included install script only installs 10, and the README/manifest claim MIT license while LICENSE.md is a proprietary commercial license; these metadata mismatches reduce confidence in the package's coherence.
Instruction Scope
SKILL.md is instruction-only and stays on-topic (how to invoke perspectives, sample prompts, and install commands). The included scripts/instructions call 'clawhub install' to fetch many other skills from a registry — that means runtime behavior depends on those remote packages. SKILL.md/script do not request or read local secrets, system files, or external endpoints directly, but they do instruct network-based installs (implicit network activity via clawhub).
Install Mechanism
There is no explicit install spec in the manifest (instruction-only), and the only code file is a small install-all.sh that runs 'clawhub install' for a list of skills. This is low-risk in itself, but because it triggers network installs, the actual code and permissions come from upstream packages — you should inspect those targets before running. Also the script installs only a subset (10) of the 17 claimed skills, an inconsistency that may be accidental or intentional.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That is proportionate for a content/assistant-style aggregator and matches the SKILL.md instructions.
Persistence & Privilege
The package does not request always:true and does not attempt to modify other skills or system-wide configuration. Default autonomous invocation is allowed (platform default) and is not by itself a concern here.
What to consider before installing
This package appears to be a content bundle (17 perspectives) but has multiple inconsistencies that merit caution: 1) License mismatch — LICENSE.md claims a proprietary paid license and heavy restrictions while README and manifest state MIT; clarify which is authoritative before using (this affects legal/commercial use). 2) Installation mismatch — manifest/README advertise 17 skills but the provided install script installs only 10; inspect where the other 7 come from and examine those packages before running any bulk install. 3) Source/reputation — homepage was listed as 'none' but manifest and docs reference a GitHub and website; verify the repository and owner identity (check commits, issues, and repo health) to ensure it’s not a copy or scam. 4) Do not run scripts (install-all.sh) blindly — instead: inspect the 'clawhub install' targets, review each referenced skill’s SKILL.md and code for unexpected network, credential access, or filesystem operations. 5) Because public figures' names are used, consider IP/endorsement risks if you plan to redistribute or use commercially. If you need higher assurance, request the canonical repository URL and a clear license statement from the publisher and/or inspect the upstream packages that 'clawhub install' will fetch.Like a lobster shell, security has layers — review code before you run it.
latestvk977w25cv3jecxb1yy08jjkxdh848pa3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.