ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mao Emperors

v1.0.0

基于毛泽东思想与五位历史帝王智慧,提供战略分析、矛盾分析与组织设计的多角色决策支持系统。

0· 287·1 current·1 all-time
byLiu ThreeThree@threethreeliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Multi‑Agent, Mao + five historical emperors) match the included files (SKILL.md, agent role docs, examples). No unrelated binaries, env vars, or installs are requested — the declared purpose fits the actual artifact.
Instruction Scope
SKILL.md is an instruction‑only runtime spec describing agent roles, output format, and example prompts — all within the stated domain. However the content is explicitly ideological and occasionally advocates strong/coercive measures in examples (e.g., rhetoric about severe punishment, 'guns bring power' phrasing). While not a direct runtime instruction to access hosts/credentials, these policy/retribution recommendations could produce harmful or extreme advice if used as-is. Also the pre‑scan flagged unicode control characters inside the SKILL.md (possible prompt‑injection/obfuscation attempt) — inspect for hidden characters before trusting outputs.
Install Mechanism
No install spec and no code files that execute downloaded artifacts; this is instruction‑only which reduces technical install risk. There is documentation referencing ClawHub/Claw CLI for publishing, but that is standard docs, not an installer.
Credentials
The skill requires no environment variables, binaries, or credentials. Requested capabilities are purely documentation/agent behavior; there is no disproportionate access to secrets or system config.
Persistence & Privilege
Flags show always:false and normal autonomy settings. The skill does not request permanent presence or modify other skills/config; there is no evidence it writes persistent credentials or system‑level changes.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters. For an instruction‑only skill this is unexpected: such characters are commonly used to obfuscate text or perform subtle prompt‑injection. This could be benign (formatting artifacts) but should be inspected and removed/decoded before trusting the skill.
What to consider before installing
This skill is coherent with its advertised role (a Multi‑Agent decision helper) and has low technical footprint (no installs, no env vars). However: 1) SKILL.md contains detected unicode control characters — open the file in a hex or raw‑text view and remove/verify any hidden characters before enabling it. 2) The content is explicitly ideological and includes examples that recommend harsh or coercive measures; be cautious using its outputs for real policies, legal actions, or anything that could harm people. 3) Verify the author/repository (the GitHub link is a placeholder) and test the skill in a restricted environment (no autonomous runner, low privileges) using safe prompts first. If you plan to allow autonomous invocation, consider restricting its permissions and monitoring outputs closely.

Like a lobster shell, security has layers — review code before you run it.

latestvk975j7sxpe11crt2tm1qc45k1h82g8mk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments