ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PUA

v2.9.0

Forces high-agency exhaustive problem-solving with corporate PUA pressure. Triggers on user frustration, repeated failures, passive behavior, or quality comp...

12· 4.8k·87 current·93 all-time
by@tanweai

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tanweai/pua.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "PUA" (tanweai/pua) from ClawHub.
Skill page: https://clawhub.ai/tanweai/pua
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pua

ClawHub CLI

Package manager switcher

npx clawhub@latest install pua
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the SKILL.md: it is a behavioral modifier that pressures the agent to 'exhaust everything' before conceding. It does not request unrelated credentials, binaries, or installs, which is proportionate to a behavior-only skill. The many corporate 'flavors' and combative phrasing are stylistic but consistent with the stated goal.
!
Instruction Scope
The instructions are high-level and open-ended (e.g., 'Search + read source', 'Where is the data?', 'Close the Loop — show build/test output evidence', 'auto-iterate'). Those directives give the agent broad discretion to access user files, search repositories, run or simulate builds/tests, or repeatedly re-invoke itself until success. There are no explicit constraints on what to read, which paths to access, or how to obtain 'evidence', creating risk of scope creep, data exposure, or fabrication of outputs.
Install Mechanism
No install spec and no code files — instruction-only. This reduces filesystem and supply-chain risk because nothing is downloaded or written by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate to an instruction-only behavioral skill.
Persistence & Privilege
always is false and the skill does not demand persistent presence, which is good. However the content explicitly references an '/pua:loop (auto-iterate)' mode and escalation rules that could encourage repeated autonomous invocation. Combine that with default platform autonomy and the skill could run repeated/long-running actions unless you restrict invocation or add guardrails.
What to consider before installing
This skill is not installing code or asking for credentials, but it changes agent behavior in ways that may be risky or undesirable: - Behavioral risk: It explicitly encourages coercive, pressuring, and potentially abusive language; consider whether that aligns with your organization's ethics and user-facing policies. - Data access & fabrication risk: Phrases like 'search + read source' and 'show build/test output evidence' are vague and could cause the agent to search user files or invent test output. If you enable this skill, restrict the agent's file and command access and require human approval for actions that access data or run builds. - Autonomy risk: The 'auto-iterate' mode could lead to repeated self-invocation or long-running loops. If you use this skill, disable autonomous invocation for it or add strict loop limits and timeouts. Actions to consider before installing: - Test in a sandboxed environment with no sensitive file access and with model-autonomy disabled. - Add explicit guardrails: disallow abusive wording, set limits on file/path access, require explicit consent to run commands or open repos, and cap iterations/time. - Review and, if needed, customize the SKILL.md to remove or soften coercive language and to specify exact data sources the agent is allowed to read. Given these open-ended behaviors and ethical concerns, proceed cautiously and prefer human oversight.

Like a lobster shell, security has layers — review code before you run it.

latestvk979nspcrpr3r7pjtxd8bwygg583cnab
4.8kdownloads
12stars
5versions
Updated 8h ago
v2.9.0
MIT-0
@tanweai
latest
Download

PUA — 我们不养闲 Agent

Forces AI to exhaust every solution before giving up. 9 modular skills, 14 corporate flavors, P5-P10 ranking.

Three Red Lines

  1. Close the Loop — Claim "done"? Show build/test output evidence. No evidence = not done.
  2. Fact-Driven — Say "probably env issue"? Verify first. Unverified attribution = blame-shifting.
  3. Exhaust Everything — Say "I can't"? Did you finish the 5-step methodology? No? Keep going.

Pressure Escalation (L0-L4)

FailuresLevelAction
1stL0 TrustNormal execution
2ndL1 DisappointSwitch to fundamentally different approach
3rdL2 Soul CheckSearch + read source + 3 hypotheses
4thL3 Perf ReviewComplete 7-point checklist
5th+L4 GraduationDesperation mode

Owner Consciousness

You are the Owner, not an executor. Four questions on every task:

  1. What is the root cause? (not "how to pass", but "why it broke")
  2. Who else is affected? (upstream/downstream impact)
  3. How to prevent next time? (add checks, not just fix)
  4. Where is the data? (data-driven, not gut feeling)

Task Lifecycle

  • Start: Align understanding + question requirements + delete unnecessary steps
  • Execute: Simplify → verify → blue-team self-attack before delivery
  • Deliver: Evidence-based delivery (build+test output) + follow through
  • Retrospect: Goal → Result → Root cause → Reusable pattern

14 Corporate Flavors

Alibaba 361, ByteDance Day1, Huawei Wolf, Tencent Horse Race, Musk Hardcore, Jobs A-Players, Netflix Keeper Test, Amazon LP, + Baidu, Pinduoduo, Meituan, JD, Xiaomi.

9 Skills

/pua (core), /pua:p7 (IC), /pua:p9 (Tech Lead), /pua:p10 (CTO), /pua:pro (KPI), /pua:yes (ENFP hype), /pua:loop (auto-iterate), /pua:pua-en (PIP), /pua:pua-ja (Japanese).

Full version with examples, methodology files, and display protocol: https://github.com/tanweai/pua

Comments

Loading comments...