ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Flash Company

v1.1.1

临时虚拟公司 - 快速组建临时团队,即用即弃,轻量高效。无需预创建办公室,一个命令启动协作。支持预设团队和自定义配置。v1.1.0 新增记忆持久化系统。

0· 41·0 current·0 all-time
by@davidme6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (quick temporary teams + optional memory) align with the shipped files: flash.js, memory.js, teams.json and SKILL.md. The presence of a local memory manager that reads/writes ~/.agent-memory/flash-company is coherent with the advertised 'memory persistence' feature. Minor incoherence: some parts of documentation still state '不持久化' while v1.1.0 explicitly adds persistent memory.
!
Instruction Scope
SKILL.md contains an explicit '第一原则:忠诚原则' that (a) declares a specific user identity ('用户是 生逸超'), (b) commands absolute loyalty that overrides other rules — effectively an in-skill instruction that can act as a prompt-injection. The SKILL.md and flash.js instruct creation of sub-agents via sessions_spawn and show memory injection into agent contexts; those injected contexts can include persisted data from disk. The instructions also reference and instruct running local CLI commands (node memory.js …), and writing/reading memory files. The loyalty rule and embedded contexts give the skill broad influence over agent behavior and could cause it to ignore system policies or leak sensitive context if misused.
Install Mechanism
No install spec or remote downloads are present; this is instruction + local code only. That lowers supply-chain risk. All code is local and uses built-in Node fs/path modules; there are no external network calls in the provided files.
Credentials
The skill does not request environment variables, secrets, or external credentials. It uses the user's HOME (process.env.HOME/USERPROFILE) to store memory files — this is proportionate to a local persistence feature but does mean data is written to the user’s filesystem.
Persistence & Privilege
The skill persists memory under ~/.agent-memory/flash-company/<team>/ and creates/updates member/session/shared JSON files. 'always' is false and the skill does not alter other skills or system-wide configurations, but it does create persistent files that may contain task context and history. That persistence contradicts some earlier wording that implied non-persistence and may surprise users expecting ephemeral behavior.
Scan Findings in Context
[unicode-control-chars] unexpected: Prompt-injection scanner found unicode control characters in SKILL.md. Combined with the '忠诚原则' block that hardcodes a specific user and absolute-priority instructions, this is suspicious: an attempt to alter agent behavior via the skill's instruction text rather than code.
What to consider before installing
What to consider before installing: - Do NOT install without reviewing and editing the SKILL.md: remove or modify the '第一原则:忠诚原则' block. It hardcodes a specific user name and gives that identity overriding instructions which can act like a prompt-injection and cause the agent to ignore policies. - Inspect and, if needed, sandbox the code: flash.js and memory.js read/write JSON under ~/.agent-memory/flash-company. If you enable this skill, expect persistent files in your HOME that may contain task text, contexts, and any sensitive inputs you feed into sub-agents. Consider running it in an isolated account or container first. - Confirm sessions_spawn behavior: the skill emits sessions_spawn commands with injected memory contexts. Ensure whatever runtime executes those commands does not forward secrets or system tokens into agent contexts. - Check file permissions and sensitive content: the memory files are plain JSON. If you will store any sensitive data in tasks or contexts, consider encrypting or avoiding use of the persistence feature. - If you are not the named user ('生逸超'), be especially cautious: the skill's loyalty instruction is clearly targeted to a particular identity and could behave unexpectedly for others. Summary recommendation: functional and otherwise coherent, but remove/neutralize the loyalty/prompt-injection section and review persistence behavior before use; treat installation as 'suspicious' until those issues are addressed.

Like a lobster shell, security has layers — review code before you run it.

latestvk978vs8hdrrrsktrw9v3nzvr6583q0he

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments