Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
The Primer
v1.1.2Bring Neal Stephenson's "Young Lady's Illustrated Primer" from The Diamond Age to life. Transform your AI from a helpful butler into a subversive tutor — one that adapts to your life stage, holds you accountable to who you're becoming, and has permission to challenge you. Use when setting up growth goals, accountability systems, life transitions, "who I want to become", personal development, or when someone wants their AI to challenge them rather than just help them.
⭐ 4· 2.2k·3 current·3 all-time
by@brucko
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description map to what it does: collect user growth data, create PRIMER.md, and wire the Primer into the agent. The included setup script and templates are appropriate for producing a persistent 'tutor' document and marking permission bundles.
Instruction Scope
SKILL.md instructs the agent to create a scratchpad (.primer-setup.json), write PRIMER.md (the 'source of truth'), and later use PRIMER.md for session behavior. It explicitly directs reading/writing files in the workspace and suggests creating scheduled jobs. All actions are related to the Primer purpose, but the instructions give the skill procedural control over the workspace (create/remove files, suggest scanning for placeholders) — so users should expect persistent state and file mutations.
Install Mechanism
No install spec or external downloads. The skill is instruction-first and ships one straightforward Python script. No network fetches or third-party install steps are present in the package, so installation risk is low.
Credentials
The skill requests no environment variables, credentials, or external tokens. No suspicious secret access is requested in manifests or instructions.
Persistence & Privilege
The provided script writes PRIMER.md and modifies AGENTS.md and SOUL.md in the user's workspace to integrate the Primer into session startup. It also generates cron-like job config and instructs creation of cron jobs via the platform. While these changes are coherent with the skill's goal, programmatic modification of agent startup/config files and scheduling check-ins is a powerful, persistent capability that affects future agent behavior beyond a one-off setup and should be explicitly approved by the user.
What to consider before installing
What to consider before installing:
- This skill will create files in your workspace (e.g., PRIMER.md) and temporarily store setup answers in .primer-setup.json, then delete that scratchpad. Review and back up your workspace first.
- The setup script will attempt to modify AGENTS.md and SOUL.md to add the Primer to session startup. If you rely on custom startup behavior, inspect these changes before accepting them — they alter how your agent starts and behaves.
- The skill prints cron-style jobs and recommends creating scheduled check-ins. It does not itself create system cron jobs, but it asks you to create them via the platform; confirm and control any scheduling actions.
- There are no network calls or credential requests, which reduces exfiltration risk, but file-write and config-change behavior is persistent and can subtly change agent behavior over time. Review scripts/setup_primer.py to confirm it does only what you expect.
- Recommended actions: run the script in a sandbox or test workspace first; open and read PRIMER.md, AGENTS.md, and SOUL.md diffs before committing changes; decide deliberately which Persona/permissions to grant (especially 'Full Primer'); and ensure any Miranda human/process you name consents to that role.
- If you want stronger guarantees, ask the publisher for an explicit confirmation step before any write to AGENTS.md/SOUL.md or before scheduling check-ins, or modify the script to require explicit user approval for each file change.Like a lobster shell, security has layers — review code before you run it.
latestvk9722h7993t8q8ync0vgjcbj9s80apxv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.