Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Using Superpowers 0.1.0

v1.0.0

Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions

0 · 352 · 10 current · 12 all-time

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lean-zhouchao/using-superpowers-0-1-0.

Install the skill "Using Superpowers 0.1.0" (lean-zhouchao/using-superpowers-0-1-0) from ClawHub.
Skill page: https://clawhub.ai/lean-zhouchao/using-superpowers-0-1-0
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install using-superpowers-0-1-0

ClawHub CLI


npx clawhub@latest install using-superpowers-0-1-0
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description claim to enforce a workflow for invoking skills; SKILL.md contains that exact policy. The skill requires no binaries, secrets, or installs, so requested capabilities are proportionate to the stated purpose.
Instruction Scope
The instructions mandate invoking the Skill tool before any response (including clarifying questions) whenever there's even a 1% chance a skill applies. This is unusually broad and grants the agent little discretion. It also forbids using the Read tool on skill files and presumes tools like TodoWrite exist. These directives can cause excessive/automatic skill invocation, platform incompatibility, and broaden the attack surface by loading many skills unnecessarily.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install profile. Nothing is written to disk or downloaded.
Credentials
No environment variables, credentials, or config paths are requested. The lack of secrets is proportionate to the described purpose.
Persistence & Privilege
Skill is not always:true and does not request elevated agent privileges. However, because its runtime instructions mandate a behavioral rule that forces pre-response skill invocation, it effectively increases the frequency with which other skills are loaded or consulted, raising the practical privilege/attack surface even if it does not itself request persistent privileges.
What to consider before installing
This skill enforces a strict policy: always invoke the Skill tool before responding if any skill might apply. On the positive side, it is coherent with its stated purpose and has no install or secret requirements. However, consider these issues before installing:

- It forces the agent to check skills even when unnecessary, which can cause many skills to be loaded and increase data exposure and attack surface. Ask how your platform sandboxing works: when a skill is loaded, can it read user-provided context or call external endpoints? If so, this policy may accidentally leak data.
- The SKILL.md forbids using the Read tool and assumes specific tools (e.g., Skill tool, TodoWrite). Confirm those tools exist and that forcing that exact workflow won't break your environment.
- This instruction can degrade agent behavior (constant interruptions to check skills) and may be incompatible with platforms that expect clarifying questions first.

Recommendations: only install if you understand how your platform loads and sandboxes skills and you want strict, centralized enforcement of skill usage. If you proceed, monitor which skills get loaded when this policy is used and consider restricting which skills are permitted to be auto-invoked. If you need more assurance, request an implementation that is less absolute (e.g., suggest skill checks for specific categories or make invocation user-confirmed) or provide evidence that loaded skills cannot exfiltrate data.

Like a lobster shell, security has layers — review code before you run it.

latest vk977p2n4a76z04ggf9s9760heh834qtq
352 downloads
0 stars
1 versions
Updated 22h ago
v1.0.0
MIT-0
<EXTREMELY-IMPORTANT> If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.

IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.

This is not negotiable. This is not optional. You cannot rationalize your way out of this. </EXTREMELY-IMPORTANT>

How to Access Skills

In Claude Code: Use the Skill tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.

In other environments: Check your platform's documentation for how skills are loaded.

Using Skills

The Rule

Invoke relevant or requested skills BEFORE any response or action. Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.

digraph skill_flow {
    "User message received" [shape=doublecircle];
    "Might any skill apply?" [shape=diamond];
    "Invoke Skill tool" [shape=box];
    "Announce: 'Using [skill] to [purpose]'" [shape=box];
    "Has checklist?" [shape=diamond];
    "Create TodoWrite todo per item" [shape=box];
    "Follow skill exactly" [shape=box];
    "Respond (including clarifications)" [shape=doublecircle];

    "User message received" -> "Might any skill apply?";
    "Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
    "Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
    "Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
    "Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
    "Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
    "Has checklist?" -> "Follow skill exactly" [label="no"];
    "Create TodoWrite todo per item" -> "Follow skill exactly";
}

Red Flags

These thoughts mean STOP—you're rationalizing:

| Thought | Reality |
|---|---|
| "This is just a simple question" | Questions are tasks. Check for skills. |
| "I need more context first" | Skill check comes BEFORE clarifying questions. |
| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
| "Let me gather information first" | Skills tell you HOW to gather information. |
| "This doesn't need a formal skill" | If a skill exists, use it. |
| "I remember this skill" | Skills evolve. Read current version. |
| "This doesn't count as a task" | Action = task. Check for skills. |
| "The skill is overkill" | Simple things become complex. Use it. |
| "I'll just do this one thing first" | Check BEFORE doing anything. |
| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |

Skill Priority

When multiple skills could apply, use this order:

  1. Process skills first (brainstorming, debugging) - these determine HOW to approach the task
  2. Implementation skills second (frontend-design, mcp-builder) - these guide execution

"Let's build X" → brainstorming first, then implementation skills. "Fix this bug" → debugging first, then domain-specific skills.

Skill Types

Rigid (TDD, debugging): Follow exactly. Don't adapt away discipline.

Flexible (patterns): Adapt principles to context.

The skill itself tells you which.

User Instructions

Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.
