Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Thinking Framework 1.0.0
v1.0.0Performs a deep, multi-layer cognitive and psychological excavation of any target — a person, leader, philosopher, organization, movement, or discipline — an...
⭐ 0· 79·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill is an instruction-only 'thinking framework' that performs layered cognitive and psychological analyses; it does not request binaries, credentials, or external installs — that is coherent with its stated purpose. However, the SKILL.md repeatedly instructs writing and reading MEMORY.md (session persistence) while the registry metadata lists no required config paths or memory-related permissions — an inconsistency between claimed requirements and the instructions.
Instruction Scope
Runtime instructions explicitly require: (1) producing and/or surfacing explicit chain-of-thought reasoning, (2) inferring deep unconscious drivers, wounds, defense mechanisms, and 'shadow' content about a target (individuals/organizations), and (3) persisting framework state to MEMORY.md. Generating explicit CoT and speculative psychological claims about real people can create privacy, ethical, and defamation risk. The guidance also instructs the agent to 'reason FROM inside' the target's mental OS (high-fidelity emulation), while simultaneously forbidding first‑person impersonation — this is a fine line that may be hard for models to respect automatically, especially weaker/local models that the skill expects to compensate for.
Install Mechanism
No install spec and no code files beyond documentation — lowest-risk install surface. No remote downloads or binary installs are requested.
Credentials
The skill requires no environment variables, binaries, or external credentials (proportionate). However, it assumes the ability to read/write OpenClaw memory (MEMORY.md) for persistence without listing required config paths or noting consent mechanics — a gap between capability assumptions and declared requirements.
Persistence & Privilege
The skill instructs automatic persistence: writing 'Active Thinking Framework' entries to MEMORY.md on load and updating on exit, plus auto-detecting previously active frameworks on session start. While 'always: false' and normal autonomous invocation are fine, the skill's persistent profiling of targets raises privacy concerns: sensitive psychological profiles could be stored across sessions without explicit, per-target user consent. The skill's metadata did not advertise this required memory path, creating an unexpected persistence behavior.
What to consider before installing
This skill appears functionally coherent for producing deep analytic profiles, but it carries privacy and operational risks you should weigh before installing:
- Privacy & consent: The framework builds persistent psychological profiles of targets (including inferred unconscious drivers). Avoid running it on real private individuals without their consent; prefer fictional or well-documented historical figures for testing.
- Persistence: It writes to MEMORY.md across sessions. If you install, decide whether to enable agent memory; if memory is enabled, inspect and/or clear MEMORY.md regularly and require explicit user confirmation before the skill writes profiles.
- Chain-of-thought & policy: The instructions ask the agent to produce explicit chain-of-thought and detailed inferences — this can reveal internal reasoning or produce speculative content. Verify platform policies about exposing internal chain-of-thought and restrict the skill if CoT disclosure is not permitted.
- Defamation / accuracy risk: The skill encourages inference about unconscious motives. Encourage strict labeling of claims (the SKILL.md does this) and avoid publishing inferred psychological states as fact. Use the skill's evidence-integrity rules and surface uncertainty labels.
- Metadata inconsistency: The SKILL.md assumes memory file access but the registry metadata lists no required config paths. Ask the publisher to clarify what persistent storage the skill needs and to document consent/opt-in behavior.
Recommended actions before enabling: test with fictional targets, disable persistence or require explicit write-confirmation, review MEMORY.md behavior, and confirm the platform's policy on chain-of-thought disclosures and profiling of living individuals.Like a lobster shell, security has layers — review code before you run it.
latestvk9725j3cc8a214tgqh2ydq7qc583gpq4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.