Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TPR Framework

v2.0.1

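TPR (Think / Probe / Review) unified working method. Used to turn complex problems from vague requirements into verifiable, executable, and reviewable results. Activate in the following scenarios: - a complex problem needs structured analysis - starting a project, drafting a proposal, or reviewing a proposal - the user mentions TPR / 三省 / GRV / Battle / DISCOVERY - there is a need to do...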

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (TPR methodology for multi-agent orchestration) matches the provided files: SKILL.md plus many reference templates and operational guides. The repository-style docs and templates are appropriate for a methodology skill.
! Instruction Scope
The SKILL.md and README do more than describe methodology: they instruct agents to clone the repo into ~/.openclaw/skills/, edit core agent configuration files (AGENTS.md / SOUL.md), pre-create files, use spawn/edit/write tools, and to 'intercept' /reset to force writing self-improvement artifacts. Those instructions direct persistent changes to agent configuration and runtime behavior and give the skill broad discretion over file creation and control-flow interception.
Install Mechanism
There is no install spec in the registry metadata; this is an instruction-only skill. The README suggests using git clone from a public GitHub repo (a reasonable distribution method), but the registry does not perform the install itself.
Credentials
The skill declares no required environment variables, binaries, or credentials. Nothing in the metadata requests unrelated secrets. However, the guidance to write files and edit agent configs implies the agent executing it needs filesystem and tooling access, which is not declared in requires.*.
! Persistence & Privilege
Although the skill is not marked always:true, its README and references explicitly instruct mounting the skill into other agents' core config (AGENTS.md / SOUL.md) and intercepting /reset to persist 'patterns.md' and corrections — i.e., modifying other agents' configuration and changing global agent behavior. That capability is powerful and should be granted only with explicit human consent and review.
What to consider before installing
This skill is a coherent, well-documented methodology bundle — not code that requests secrets — but it instructs agents to make persistent, system-level changes (cloning into ~/.openclaw/skills/, editing AGENTS.md/SOUL.md, pre-creating files, intercepting /reset). Before installing or following its instructions:
1) review the upstream GitHub repo content and commit history yourself;
2) do not let an agent autonomously edit core agent configuration without explicit human approval and backups;
3) if you want to try it, test in an isolated sandbox workspace (or a throwaway agent) so it cannot alter production agent configs or intercept global commands;
4) confirm you are comfortable with the skill writing files under your OpenClaw workspace (self-improving/corrections.md, patterns.md, project directories);
5) require explicit, manual consent before allowing the skill to persistently mount itself into other agents or to intercept user-level reset/clear commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxn3tgw31pvxr110a5f7m1n84e4ba
