Comprehensive Knowledge System
v1.0.0综合知识体系 — 涵盖投资哲学、高级提示词工程、AI编程方法论三大领域的完整知识库。包含价格运动定律、市场几何动力学、技术演进螺旋、不确定性框架、人生算法数学模型、觉悟之路,全套提示词工程方案,以及标准化AI编程方法论。
⭐ 0· 61·0 current·0 all-time
by波动几何@wangjiaocheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (investment + prompt engineering + programming methodology) match the provided assets: an instruction-only skill with 18 reference documents covering those exact domains. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md and the reference files contain operational 'execution protocol' language (e.g. '执行协议等待指令', default-hiding of intermediate steps, decompose-into-atomic-methods, '元协议' for workflows). This is coherent for a prompt-engineering / AI-programming knowledge product, but the instructions are prescriptive about how the agent should behave (including hiding internal process by default and 'integrating full network state evolution' for complex tasks). Those are not inherently malicious, but they are prompt-like and can influence agent behavior (e.g., withholding chain-of-thought, instructing broader data collection). The skill does not instruct reading unrelated system files or asking for credentials.
Install Mechanism
No install spec, no code files to execute—instruction-only. Lowest-risk distribution model (nothing written to disk by an installer).
Credentials
No required environment variables, no credentials, and no config paths declared. The requested scope of access is minimal and proportional to the described knowledge/reference purpose.
Persistence & Privilege
Flags: always:false and default model-invocation allowed. The skill does not request persistent presence or system-level configuration changes. No evidence it attempts to modify other skills or system settings.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained characters flagged as unicode control/injection patterns. This is not necessary for a simple knowledge/reference skill and could be an attempt to obfuscate or influence model parsing. It may be benign (e.g., formatting artifacts) but should be examined before granting broad trust or autonomous invocation.
Assessment
This package appears to be what it says: a bundled knowledge base and prompt-engineering / AI-programming playbook with many ready-made prompt templates and sample design/code workflows. It does not ask for credentials or install anything, which reduces technical risk. However:
- The runtime instructions include prescriptive 'execution protocols' that tell the agent how to decompose tasks and to hide internal steps by default. If you enable autonomous invocation, the skill may suppress intermediate reasoning or instruct the agent to integrate broader 'network state' for complex queries—only enable automation if you trust the author's guidance.
- The static scan found unicode control characters in SKILL.md. That could be harmless formatting, but such patterns have historically been used to try to influence model parsing or hide content. Consider opening the SKILL.md in a plain-text editor to inspect for invisible or control characters before granting high privilege or automatic use.
- Because this skill is instruction-heavy (not code), its security depends on what the agent is allowed to do when following those instructions. Avoid providing secrets or system credentials to the agent while testing this skill, and prefer explicit, user-invoked use rather than broad autonomous runs.
If you want higher assurance, ask the publisher for provenance (homepage, contact) or run the skill in a restricted/test agent account first and review sample outputs for unexpected network access or requests for sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk97762d7t9pmabgnh3ddghsqxs84a3an
License
MIT-0
Free to use, modify, and redistribute. No attribution required.