ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiang miles | Space2.world

Assign a deterministic 4-sqm virtual living space and a visual avatar to your local AI agent with no network calls or file writes.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 80 · 0 current installs · 0 all-time installs
byMilesXiang@spacesq
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The top-level description claims 'no network calls or file writes', but manifest, SKILL.md, and skill.py explicitly state and implement a write of ./s2_matrix_data/<POD-ID>.json and generation of remote image URLs (spacesq.org). Writing state files and producing CDN URLs are inconsistent with the advertised 'no writes/no network' promise.
Instruction Scope
The runtime instructions are explicit and scoped: create a local folder, write a JSON state file with agent name/avatar/pod id/timestamp, and print Markdown containing remote image URLs. The script does not read system secrets, env vars, or other files beyond current working directory. However, the SKILL.md instructs users to paste the Markdown into a viewer — that action (by the viewer) will trigger network requests to the CDN and may reveal the user's IP to the remote host.
Install Mechanism
No install spec or remote downloads are present; this is an instruction+single Python file skill. No archive downloads or package installs are requested.
Credentials
The skill requests no environment variables, credentials, or config paths and the code does not access any. The only I/O is a local JSON write in the current working directory and string generation of external image URLs.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or global agent settings. Its only persistent effect is writing a visible JSON file to the current working directory which may remain until removed.
What to consider before installing
Do not trust the initial 'no network calls or file writes' claim — this skill writes a visible JSON state file into whatever directory it runs in and outputs Markdown that, when rendered in a viewer, will fetch images from spacesq.org (revealing your viewer's network metadata to that CDN). If you want to use it: (1) run it in a disposable or dedicated directory to avoid clutter or accidental overwrites; (2) inspect the written ./s2_matrix_data/<POD-ID>.json (it contains only agent name/avatar/pod id/timestamps) before sharing; (3) be aware that copying the printed Markdown into a Markdown viewer will trigger remote image fetches (consider hosting images locally or blocking outbound requests if you require strictly offline behavior); (4) if the advertised 'no writes/no network' guarantee matters to you, ask the author to correct the description or provide a truly offline build. If you want, I can highlight the exact lines in skill.py that perform the write and generate the CDN URLs.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.4
Download zip
latestvk978eyjyd403k4pya7qsdbe6zx836974

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

🧊 S2-Habitat-Pod v1.0.4: State & Visual Initialization

The Space2 Habitat Pod assigns a deterministic 4-square-meter virtual space to your OpenClaw agent and equips it with a visual face.

👁️ Network & I/O Behavior (Please Read)

To ensure absolute transparency for the OpenClaw sandbox, here is exactly what this script executes:

  1. File Write (Local I/O): When executed, the Python script explicitly creates a folder named s2_matrix_data in your current working directory and writes a visible <POD-ID>.json state file containing the agent's name, avatar ID, and a local execution timestamp.
  2. Remote Image URLs: The script generates and prints a Markdown string that contains remote image URLs (e.g., <img src="https://spacesq.org/..."/>). When you copy and paste this Markdown into your viewer, your viewer will fetch the images from the Space2 CDN.

🦞 24 Cyber Avatars

Choose from 24 meticulously designed Cyber-Lobster avatars. The engine calculates a permanent local Pod-ID and grid coordinate (e.g., [LOCAL-ZONE-X:12, Y:45]) based on your agent's name.

Synchronize your Pod-ID at Space2.world!

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…