Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

skill-optimizer

v1.0.0

Automatically analyzes, reviews and optimizes SKILL.md files, applying design patterns to improve skill structure and quality while keeping the skill functionally correct and easier to maintain.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (optimize SKILL.md) aligns with the SKILL.md runtime instructions: it reads and rewrites SKILL.md content and suggests modularization. The skill declares no env vars, binaries, or install steps (instruction-only), which is proportionate for this purpose. Note: the README/INSTALL examples reference downloading SKILL.md from raw GitHub URLs; that is an external installation suggestion, not something the skill runtime requires.
Instruction Scope (flagged)
The SKILL.md mostly stays within scope: read a SKILL.md, analyze it, propose changes and generate an optimized SKILL.md. However, its trigger and confirmation directives contradict each other: an early section says the skill should be 'immediately proactively invoked (no user confirmation)' on any listed trigger, while Step 1 explicitly requires asking for confirmation on file-change or quality triggers and waiting for user consent before proceeding. The skill is thus granted broad autonomous discretion in some places and gated behind user confirmation in others, and which rule an agent happens to follow decides whether a file gets rewritten without the user being asked. The SKILL.md also instructs agents to 'load references/ files dynamically', which implies filesystem reads; that is reasonable for a refactorer, but the instruction should name the exact paths it will access so the reads can be reviewed and confined.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. The README includes manual install commands that curl raw GitHub content; these are optional developer instructions, not an automated install in the skill bundle. An operator who follows them is downloading code from an external URL and should treat it like any third-party script download: pin a specific commit rather than a branch, verify the checksum, and read the file before letting an agent act on it.
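As an added example (not code from skill-optimizer or ClawHub) of the download check and backup this scan advises, the following installs a SKILL.md fetched from a raw GitHub URL only after its SHA-256 matches a pinned digest, copies any existing SKILL.md aside with a timestamp, and replaces it atomically so a crash mid-write cannot leave a truncated file. The fetch itself is left out so the block runs offline; the file contents and digest used in demo() are constructed for the demo.

```python
"""Verified install and backed-up rewrite of SKILL.md (added example, not the
skill-optimizer's own code). Downloading is out of scope here; the bytes are
assumed to have been fetched already, e.g. with curl from a pinned commit."""
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import Optional


class ChecksumMismatch(ValueError):
    """The downloaded content does not match the pinned digest."""


def verify_sha256(data: bytes, expected_hex: str) -> str:
    """Return the hex SHA-256 of data, raising if it differs from expected_hex."""
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected_hex.strip().lower():
        raise ChecksumMismatch(f"expected {expected_hex}, got {actual}")
    return actual


def backup_and_write(target: Path, new_content: bytes) -> Optional[Path]:
    """Copy target aside (timestamped, never overwriting an older backup), then
    replace it atomically. Returns the backup path, or None if target was absent."""
    backup = None
    if target.exists():
        stamp = time.strftime("%Y%m%dT%H%M%S")
        backup = target.with_name(f"{target.name}.{stamp}.bak")
        n = 1
        while backup.exists():  # two rewrites in the same second
            backup = target.with_name(f"{target.name}.{stamp}.{n}.bak")
            n += 1
        shutil.copy2(target, backup)
    # Write to a temp file in the same directory and rename over the target:
    # a crash mid-write leaves the original SKILL.md intact, not truncated.
    fd, tmp = tempfile.mkstemp(dir=target.parent, prefix=".skill-", suffix=".tmp")
    with os.fdopen(fd, "wb") as fh:
        fh.write(new_content)
    os.replace(tmp, target)
    return backup


def install_skill_file(downloaded: bytes, pinned_sha256: str, target: Path) -> Optional[Path]:
    """Verify first, write second: nothing touches disk on a digest mismatch."""
    verify_sha256(downloaded, pinned_sha256)
    return backup_and_write(target, downloaded)


def demo() -> dict:
    """Run the scenario in a scratch directory with constructed contents."""
    workdir = Path(tempfile.mkdtemp())
    target = workdir / "SKILL.md"
    target.write_bytes(b"# old skill\n")            # constructed existing file
    fetched = b"# optimized skill\n"                # constructed 'download'
    pinned = hashlib.sha256(fetched).hexdigest()    # in practice: from the release notes or a lockfile
    backup = install_skill_file(fetched, pinned, target)
    rejected = False
    try:
        install_skill_file(b"# tampered\n", pinned, target)
    except ChecksumMismatch:
        rejected = True
    return {
        "installed": target.read_bytes() == fetched,
        "backup_kept": backup is not None and backup.read_bytes() == b"# old skill\n",
        "tampered_rejected": rejected,
        "target_untouched_after_reject": target.read_bytes() == fetched,
        "fresh_install_has_no_backup": install_skill_file(fetched, pinned, workdir / "new.md") is None,
    }


if __name__ == "__main__":
    print(demo())
```

The digest should come from somewhere other than the download itself (a release note, a lockfile committed to your repo, or a hash you recorded after reading the file once); a checksum published next to the file on the same URL only proves the download was not corrupted in transit.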
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to its stated function of analyzing and rewriting SKILL.md files. The only implicit resource access is reading local skill files and writing an optimized SKILL.md output — which matches the purpose but should be made explicit in deployment policies.
Persistence & Privilege (flagged)
The registry flags show always:false (good), but the skill metadata and text emphasize auto-triggering (auto-trigger: true and 'immediately invoke without user confirmation' language). Autonomous invocation of an instruction that can rewrite SKILL.md files increases the blast radius of a mis-trigger: a false activation does not merely run an analysis, it can overwrite a file the user never asked to change. Although the skill is not installed as 'always', the combination of broad trigger keywords (e.g., 'skill', 'agent') with an auto-trigger policy makes unwanted or frequent activations likely. The SKILL.md also expects in several places to 'immediately execute' or 'respond within 5 seconds', operational demands that push toward automated runs without sufficient human oversight.
What to consider before installing
This skill is coherent with its stated purpose but has two practical concerns: (1) contradicting trigger/confirmation rules and (2) very broad auto-trigger keywords that may cause unexpected autonomous runs. Before installing, consider:
1) Clarify and tighten trigger behavior: remove or explicitly restrict the 'immediately invoke without user confirmation' clause and require confirmation for anything other than an explicit user request (file-change events, ambiguous mentions).
2) Narrow the trigger keywords (avoid generic terms like 'skill' or 'agent') or add whitelist logic so the skill only runs when a specific filename or an explicit command is used.
3) Require logging of every activation, an explicit consent prompt before any rewrite, and an easy way to disable auto-triggering.
4) If you follow the README install instructions (curl from raw GitHub), verify the source against a pinned commit and checksum, and back up the original SKILL.md before applying automated rewrites.
If you want, I can suggest specific edits to the SKILL.md to resolve the confirmation/trigger inconsistencies and to add explicit filesystem access declarations and safety gates.
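To make the whitelist and confirmation gate of points 1 to 3 concrete, here is an added example (not code from skill-optimizer or ClawHub) of a trigger policy a skill runtime could enforce: it runs without prompting only on an explicit slash command, asks before acting when a message or an on-disk change names SKILL.md, ignores generic 'skill'/'agent' mentions entirely, and appends one audit line per decision. The event kinds, the command name '/optimize-skill' and the audit line format are assumptions.

```python
"""Trigger gate for a SKILL.md-rewriting skill (added example, not the
skill-optimizer's own code). Event kinds, the slash command and the audit
line format are assumptions made for the demo."""
import re
from dataclasses import dataclass
from typing import List, Optional

EXPLICIT_COMMAND = "/optimize-skill"                  # assumed explicit command
SKILL_FILE_RE = re.compile(r"(^|[\s/])SKILL\.md\b")   # an actual SKILL.md name or path


@dataclass
class Event:
    kind: str   # assumed kinds: "user_message" or "file_change"
    text: str   # message text, or the path that changed


@dataclass
class Decision:
    action: str  # "run", "confirm" or "ignore"
    reason: str


def decide(event: Event, consent: Optional[bool] = None,
           audit: Optional[List[str]] = None) -> Decision:
    """Decide what the skill may do for one event.

    consent: the user's answer to a previous confirmation prompt, if any.
    audit:   list that receives one log line per decision (assumed format).
    """
    names_skill_file = bool(SKILL_FILE_RE.search(event.text))
    first_word = event.text.split(None, 1)[0] if event.text.strip() else ""

    if event.kind == "user_message" and first_word == EXPLICIT_COMMAND:
        # Only an explicit command runs without a confirmation round-trip.
        d = Decision("run", "explicit command")
    elif names_skill_file and event.kind in ("user_message", "file_change"):
        # A SKILL.md mention or on-disk change is a candidate, but the rewrite
        # waits for consent; a prior 'no' is honoured, a prior 'yes' proceeds.
        if consent is None:
            d = Decision("confirm", f"{event.kind} names SKILL.md; ask before rewriting")
        else:
            d = Decision("run" if consent else "ignore", "user answered confirmation")
    else:
        # Generic words such as 'skill' or 'agent', other files, unknown kinds:
        # none of these may auto-trigger a file rewrite.
        d = Decision("ignore", "no explicit command or SKILL.md reference")

    if audit is not None:
        audit.append(f"{event.kind}\t{d.action}\t{d.reason}\t{event.text[:60]!r}")
    return d


if __name__ == "__main__":
    log: List[str] = []
    for ev in (Event("user_message", "/optimize-skill skills/foo/SKILL.md"),
               Event("user_message", "my agent has a new skill"),
               Event("file_change", "skills/foo/SKILL.md")):
        print(decide(ev, audit=log))
    print("\n".join(log))
```

The point of the structure is that the default branch is 'ignore': adding a keyword to the trigger list cannot by itself cause a rewrite, because only the explicit command bypasses the confirmation step, and the audit list gives the operator the activation log that point 3 asks for.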


Latest version: vk9735f8fc8s2f7h706jjdzegxd83ewe9
