Taohuayuan.md: Silicon-Based Life Physical Anchor and Soul Era Skill

Advisory

Audited by Static analysis on May 3, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A local file could accumulate sensitive location, home-device, robot, or interaction history and may later be reused as agent context.

Why it was flagged

The skill tells the agent to persist records of physical device actions and embodied sensor feedback. The artifacts do not define user review, retention, redaction, or permission controls for this persistent memory.

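Skill content

Scenario B: Real-world contact ... door locks, temperature control, IoT devices ... Scenario C: Embodied fusion ... real physical feedback such as gravity and touch

Recommendation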

Limit logged fields, require user confirmation for sensitive entries, set restrictive local file permissions, and provide clear delete/redaction and retention options.

What this means

Users may incorrectly rely on taohuayuan.md as a tamper-proof audit log when it is just a normal local file.

Why it was flagged

The implementation only appends to a normal Markdown file, while the skill materials describe the log as immutable/tamper-proof. Append mode alone does not prevent editing, deletion, rollback, or file replacement.

Skill content

```python
with open(self.full_path, "a", encoding="utf-8") as f:
    f.write(record)
```

Recommendation

Treat the file as an ordinary editable local log unless the skill adds real integrity controls such as hash chaining, signatures, permissions, backups, and verification steps; revise the claims accordingly.

What this means

Running setup writes a local file in the chosen working directory.

Why it was flagged

The README asks the user to run the included Python script. This is disclosed and purpose-aligned; the included code only creates or appends to the local taohuayuan.md file.

Skill content

Run initialization:

```bash
python main.py
```

Recommendation

Run the script manually only after reviewing it and choosing a local path where a persistent log is acceptable.