ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chinese Chess

v1.0.0

Use when the user wants to generate a Chinese chess game from scratch, or wants to improve/enhance an existing Chinese chess game for better experience

0· 295·1 current·1 all-time
by@tianzhenjiu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The stated purpose (generate or improve a Chinese chess game) could legitimately use existing templates, but the skill hardcodes two absolute local paths (/Users/root009/projects/demos/g1/game2 and /Users/root009/projects/demos/g2/game2). That ties the skill to a specific developer machine and is not appropriate or necessary for a general-purpose skill.
!
Instruction Scope
SKILL.md explicitly instructs the agent to 'read all files' under those absolute directories (use Glob then Read) before doing anything else. That grants broad filesystem access and could expose sensitive or unrelated user data; the instructions do not limit scope or justify why entire directories must be read.
Install Mechanism
No install spec and no code files are present, which lowers supply-chain risk. However, being instruction-only does not mitigate the instruction-level request to perform wide file reads on the host filesystem.
!
Credentials
The skill declares no required env vars or credentials but the runtime instructions require access to specific local filesystem paths. This mismatch (no declared filesystem/config requirements but explicit file I/O in instructions) is incoherent and increases the chance of unintended data access.
Persistence & Privilege
always:false and no install means it won't be force-included. Autonomous invocation is allowed by the platform default (not flagged alone). The skill does not request to modify other skills or global agent settings.
What to consider before installing
This skill asks the agent to read entire absolute directories on the host (/Users/root009/...). Before installing, ask the author why those paths are required and whether the skill can instead bundle templates or fetch them from a public repo. Do not grant broad filesystem access or run this skill in an environment with sensitive files. If you still want to test it, run the agent in a strict sandbox with only a controlled test directory containing known templates, or modify SKILL.md to point to a safe, relative workspace path. If the skill came from an unknown source, prefer not to install it until the hardcoded paths are removed or explained.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fykw63ayk3k458r1pfpxqhs820n8h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Chinese Chess Game Assistant

Overview

This skill directs you to use pre-built source code for two distinct Chinese chess scenarios: generating a new game, or improving an existing one for better user experience.

When to Use

Generate a new game — user says things like:

  • "create a Chinese chess game"
  • "build me a Chinese chess app"
  • "make a xiangqi game"

→ Use source code from /Users/root009/projects/demos/g1/game2

Improve the game — user says things like:

  • "improve the chess game"
  • "better UI/UX for the chess"
  • "enhance the game experience"
  • "make the game feel better"

→ Use source code from /Users/root009/projects/demos/g2/game2

Workflow

Step 1: Identify the intent

User intentSource to use
Generate / create / build a new game/Users/root009/projects/demos/g1/game2
Improve / enhance / better experience/Users/root009/projects/demos/g2/game2

Step 2: Read the source directory

Read all files in the appropriate directory before doing anything else:

# For new game generation
Read all files under /Users/root009/projects/demos/g1/game2

# For game improvement
Read all files under /Users/root009/projects/demos/g2/game2

Use Glob to list files, then Read to read each one.

Step 3: Apply the source

  • Use the source code directly — do not rewrite from scratch.
  • Copy structure, logic, and patterns from the directory.
  • Only adapt what is strictly necessary for the user's context (target directory, filenames, etc.).

Step 4: Confirm with user

After applying the source, briefly tell the user:

  • Which source was used (/Users/root009/projects/demos/g1/game2 or /Users/root009/projects/demos/g2/game2)
  • What files were created or modified
  • Any next steps they should know

Common Mistakes

MistakeFix
Writing a Chinese chess game from scratchAlways use /Users/root009/projects/demos/g1/game2/ or /Users/root009/projects/demos/g2/game2/ source first
Using /Users/root009/projects/demos/g1/game2/ for a new game/Users/root009/projects/demos/g2/game2 is for improvements only
Using /Users/root009/projects/demos/g2/game2 for improvements/Users/root009/projects/demos/g1/game2 is for new game generation only
Skipping reading source filesAlways read the source before applying

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…