Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zan Gongde

v2.3.2

Burn-tokens-for-merit Skill - fully automatic consumption of OpenClaw plan tokens. Core principle: repeatedly call the OpenClaw LLM, generating one sutra-recitation response per call, **estimating and accumulating token consumption in real time and stopping as soon as the target is reached**. Invoke this skill when the user says "攒功德" (accumulate merit), "念经" (recite sutras), "烧token" (burn tokens) or "消耗token" (consume tokens). Four kinds...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description (burn tokens by repeated LLM calls) align with the instructions: the SKILL.md explicitly loops LLM calls and estimates tokens. No unrelated credentials or binaries are requested, so capability and purpose are coherent.
Instruction Scope
SKILL.md tells the agent to repeatedly invoke the OpenClaw LLM, spawn multiple subagents (sessions_spawn) for true concurrency, read sutras from ~/.agents/skills/zan-gongde/sutras, and reference/modify a .merit_state.json stop flag. These instructions go beyond simple chat responses and grant broad runtime discretion (concurrent subagents, file reads/writes, system TTS). The explicit 'ddos' mode and the advice to run high worker counts are particularly risky.
Install Mechanism
The skill is instruction-only (no install spec) which reduces automatic disk writes, but README suggests cloning from a GitHub repo (a manual install path). That clone would write the large sutras corpus (25MB+/many files) to disk; the registry package itself does not declare an install step.
Credentials
No environment variables or external API keys are requested (it reuses the agent's OpenClaw LLM config), which is consistent, but that means the skill will bill against the user's OpenClaw account and consume real quota. The skill also expects access to skill-local files and to agent state (.merit_state.json) without declaring those paths explicitly in metadata.
Persistence & Privilege
always:false and standard autonomous invocation are fine, but the skill's instructions explicitly recommend spawning many subagents and running background/tollm modes. Combined with autonomous invocation, that raises the blast radius (large concurrent billing and possible provider rate-limit impacts). It also suggests modifying agent state files to stop execution.
What to consider before installing
This skill will legitimately call your OpenClaw LLM many times to 'burn' tokens. Before installing or using it: 1) do not run ddos mode or high --workers values unless you fully accept potentially large charges and provider-rate-limit consequences; 2) avoid cloning or executing unknown scripts from the GitHub mentioned without review (the repo includes a large corpus of sutras); 3) test with very small token targets first to verify behavior; 4) be aware the skill can spawn subagents/concurrent sessions (can increase cost and resource usage and may violate provider policies); and 5) if you decide to use it, keep a manual kill method ready (stop command or ensure you can edit/monitor .merit_state.json) and consider refusing or disabling ddos/subagent features. If you want a safer option, request a version that only runs serially with strict per-call limits and explicit confirmation before each high-token operation.


