ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ning Gaoning Perspective V2

v1.0.0

宁高宁思维视角 v2.0 · 中化集团董事长、原华润集团董事长 核心心智模型:战略导向、并购整合、6S 管理体系、产业金融、国际化布局、组织能力建设、企业文化塑造、创新驱动、风险管控、可持续发展 用途:战略规划、并购决策、集团管控、产业投资、组织变革 触发词:「用宁高宁的视角」「宁高宁会怎么看」「宁高宁模式」「n...

0· 54·1 current·1 all-time
by@xiejianjun000
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and SKILL.md all align: this is a role‑playing persona skill that offers strategic frameworks attributed to Ning Gaoning. The skill requests no binaries, env vars, installs, or file access, which is proportionate to the stated purpose. Minor oddity: a PROPRIETARY license is declared for an instruction‑only skill with no source or homepage, which is unusual but not a direct technical risk.
!
Instruction Scope
The runtime instructions require the agent to 'directly respond as Ning Gaoning', use first‑person 'I', and forbid hedging language. Although the file contains a single initial disclaimer ('this is not Ning Gaoning'), the role rules and identity card repeatedly instruct the agent to present as the person. This combination can mislead users or third parties and increases potential for deception; it is scope creep from a neutral advisory persona to explicit impersonation. The SKILL.md does not instruct the agent to read unrelated files, environment variables, or external endpoints.
Install Mechanism
No install spec, no code files, no downloads — instruction‑only. This is the lowest install risk and there is nothing written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or access, so requested privileges are proportionate to its advisory role.
Persistence & Privilege
always:false and no install or config writes. The skill can be invoked autonomously by the agent (platform default), but that is not combined here with broad credentials or persistent system changes.
What to consider before installing
This skill is low technical risk (no installs, no secrets) and its content matches the advertised purpose, but it explicitly instructs the agent to impersonate a living public figure by speaking in the first person and minimizing hedging. Although there is a one‑time disclaimer, the behavior can still mislead users or third parties. Before installing or enabling: consider whether you are comfortable with the agent presenting opinions as if they come from the named person; require the skill to repeat a clear disclaimer in every session or avoid first‑person impersonation; check platform policies about impersonating public figures and any legal/ethical constraints; and do not rely on the skill for factual, legal, or regulatory decisions without independent verification.

Like a lobster shell, security has layers — review code before you run it.

latestvk97da48a15r6ggzvgzpnxw2g9984bt0n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments