ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Worldly Wisdom

v1.0.0

Provides calibrated decision analysis using Charlie Munger-style multiple mental models, inversion, incentive mapping, circle-of-competence checks, misjudgme...

0· 363·0 current·0 all-time
byTristan Manchester@tristanmanchester
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, templates, and the two small Python scripts (decision matrix and EV scenarios) all match the stated goal of structured decision analysis. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines runtime behaviour to: (a) using included templates and references, (b) optionally running the bundled Python scripts via relative paths when Python 3 is available, and (c) otherwise doing calculations inline. It recommends fresh evidence for time-sensitive claims but does not instruct the agent to fetch data from external endpoints or to read unrelated system files.
Install Mechanism
There is no install spec (instruction-only). The only executable content are two small local Python scripts and included markdown assets. No downloads, external package installs, or extraction from remote URLs are present.
Credentials
The skill requires no environment variables, credentials, or config paths. The bundled scripts operate on JSON inputs and optional local output paths, which is proportionate to their described functionality.
Persistence & Privilege
Flags show no forced persistence (always:false). The skill does not request system-wide changes or modify other skills' configs. Autonomous model invocation is allowed (platform default) but combined with the rest of the footprint this does not create unusual privilege.
Assessment
This skill appears coherent and low-risk, but because the code source and publisher are unknown you should: (1) review the two included Python scripts before allowing execution (they only read JSON and write output but will write to paths you provide), (2) run scripts in a restricted or isolated environment if you permit local execution, (3) be aware the skill recommends using 'fresh evidence' but does not fetch it for you—if you need current facts the agent will need explicit access to a browser or data source, and (4) if you rely on the decision output for high-stakes actions, cross-check numbers and assumptions and keep sensitive credentials out of any JSON input or output paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk976x41dsbqj38zyw9wkvq7dan825dm3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments