Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Onkos
v1.6.3MANDATORY novel engine; LLM CANNOT maintain cross-chapter consistency or track facts/hooks. Activate when user says 写小说/构思故事/续写/改章节/检查连贯性 or similar.
⭐ 1· 105·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name/description (novel engine / long-form consistency) aligns with the provided scripts and reference docs: memory, fact engine, entity extraction, continuity checks, hook tracking, etc. The many script files and reference docs are coherent with a local book-scale consistency system; requiring a local ONNX embedding model and sqlite DB is sensible for the described functionality.
Instruction Scope
SKILL.md prescribes a strict pipeline (for-creation → write → store → extract → detect → record → update summary) and forces use of command_executor.py for all script calls. This is consistent with an integrated toolchain but gives the skill broad discretion to read/write project files, import arbitrary user-provided settings (paths) and run many scripts. Those file I/O and DB operations are expected for the purpose but widen the runtime surface (reads of user-specified files, automatic DB reads of chapters, automatic imports) and should be reviewed.
Install Mechanism
There is no install spec, but assets/settings.json declares download sources for an ONNX model and a sha256. The listed sources include HuggingFace (expected) and two third-party mirrors: 'hf-mirror.com' and a Tencent COS URL (tools-1307431188.cos.ap-chongqing.myqcloud.com). Downloading and extracting an INT8 ONNX binary from a personal cloud bucket is higher risk (possible supply‑chain tampering). The package does not include the .onnx model itself in assets, so runtime network download is likely. This is the primary technical concern.
Credentials
The skill does not request environment variables, secrets, or external credentials in registry metadata. Its runtime behavior (writing a local SQLite DB, reading project files, optionally downloading a model) is proportionate to a large local fiction tool. However, because it may fetch an external model from third-party hosts, network access (and verifying downloaded artifacts' integrity) is relevant even though no credentials are requested.
Persistence & Privilege
The skill writes persistent project artifacts (data/novel_memory.db, character profiles, outlines) and installs/uses a local ONNX model. It does not declare 'always: true'. Persistent local storage is reasonable for the purpose but increases blast radius: the skill can accumulate many facts and hooks and will auto-read stored chapters during checks. Review whether you want those files created in your environment.
What to consider before installing
Onkos appears to be a full-featured long-form fiction engine and most of its files and instructions align with that purpose. The main risks to weigh before installing: (1) It will create and modify local project files and an SQLite database — expect persistent storage in your filesystem. (2) At runtime it likely downloads a quantized ONNX embedding model; the declared download sources include a personal Tencent COS bucket and a third‑party mirror in addition to HuggingFace. If you plan to use this skill: - Inspect the Python scripts (especially command_executor.py, settings_importer.py, and any networking code) before running. - Prefer to run it in a sandboxed environment (container or VM) or with a throwaway project directory. - If it downloads the .onnx model, verify the file sha256 matches the provided hash and prefer official sources (HuggingFace) over unknown mirrors. - Be cautious when using 'import-settings' with paths — it will read user files you point it to. - If you cannot inspect the code, do not grant it persistent access to sensitive directories or credentials, and avoid running on a machine with sensitive data. Additional information that would raise confidence: a full review of the actual script contents (to confirm no hidden network exfiltration or remote command execution), confirmation that the model download only uses official HF URLs, and verification that the referenced sha256 is enforced by the downloader.Like a lobster shell, security has layers — review code before you run it.
latestvk97e3jrsac8116bnyea294tv2584yxzw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.