Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (question enhancer) align with the SKILL.md instructions to analyze, rewrite, expand, and answer questions. No unusual binaries, installs, or credentials are requested — that part is coherent. However, SKILL.md claims automatic execution for any user question (targeting a user 'Simon'), which is a behavioral detail not reflected in the skill metadata (always:false).
Instruction Scope
SKILL.md instructs the agent to 'automatically execute on any question' with no extra instruction required. That is a very broad, open-ended trigger that gives the agent persistent, autonomous scope to act on all user queries. The instructions also specify a multi-step pipeline (diagnose, highlight, rewrite, extend, answer, summarize) that is fine for the stated purpose, but the always-on phrasing is vague and could lead to noisy or unexpected behavior.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only. This is the lowest-risk install posture and matches the simple text-processing purpose.
Credentials
The SKILL.md lists delivery channels ('Telegram + CLI 双发') and names the user ('Simon') and AI ('hehe'), but the manifest declares no required environment variables, no API keys, and no config paths. Stating Telegram delivery without declaring any Telegram token/config is an inconsistency: either the skill cannot actually send to Telegram as described, or it relies on implicit credentials/config not declared in the manifest.
Persistence & Privilege
Metadata shows always:false (not forced into every run), but the runtime instructions demand automatic execution on any user question. This mismatch between declared invocation policy and the behavior described in the SKILL.md is an incoherence that affects privilege/behavior expectations. Autonomous invocation (disable-model-invocation:false) is normal, but the skill's implied always-on trigger should be explicit in metadata if intended.
What to consider before installing
This skill's core function (improving a user's question and providing an answer) is reasonable, but there are two important mismatches you should resolve before installing: (1) SKILL.md says it should 'automatically execute on any question' for a named user, yet the manifest does not mark the skill as always-on — ask the author to clarify the intended trigger and make it explicit and configurable (opt-in vs always-on). (2) The doc says outputs go to 'Telegram + CLI' but no Telegram credentials or config paths are declared; ask how Telegram delivery is handled and ensure any tokens or webhooks are explicitly declared and permissioned. Recommend testing in a safe environment, confirming where outputs are sent, and requiring an explicit opt-in trigger (or metadata change) before allowing automatic invocation.
latestvk9750ps517wedcmaz945be5a5n84v7mw
