GTC Intelligence
v1.0.0提供2026年GTC前的非公开及半公开情报汇总,重点验证关键产品路线、架构及供应链合作细节。
⭐ 0· 194·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description and SKILL.md are coherent: the skill is an information collection plan to validate non‑public and semi‑public signals before GTC. However the registry entry has unknown source and no homepage, which reduces provenance and trust. Nothing in the skill requests unrelated system credentials or installs, so capability requests are proportionate to stated purpose.
Instruction Scope
SKILL.md instructs the agent/team to verify non‑public/half‑public signals via on‑site questioning, remote monitoring, and supply‑chain checks and includes detailed question lists. The instructions do not tell the agent to read local files or env vars, but are broad and open‑ended about collection methods (e.g., '远程监控', '现场验证'), which gives the agent wide discretion and could enable social‑engineering or other ethically/legally questionable collection techniques. There are no explicit safeguards or constraints on what sources or tactics are allowed.
Install Mechanism
Instruction‑only skill with no install spec and no code files present. This is low technical risk — nothing is written to disk or fetched at install time.
Credentials
The skill requests no environment variables, credentials, or config paths. There's no disproportionate access to secrets or unrelated services declared.
Persistence & Privilege
always:false and no special persistence requested. However model invocation is enabled (default), so the agent could autonomously run intelligence‑gathering workflows that the SKILL.md describes; combined with the skill's goal of collecting non‑public information, that increases the potential blast radius if misused. Recommend requiring human approval for sensitive actions.
What to consider before installing
This skill is essentially a playbook for collecting and validating non‑public / semi‑public intelligence around GTC products and supply chains. Technically it is coherent and low‑risk to install (no code, no credentials), but it has several practical and ethical concerns: (1) origin is unknown (no homepage), so you can't verify the author or intent; (2) instructions are broad/vague about collection methods and include on‑site questioning and remote monitoring — this can enable social engineering or acquisition of proprietary information if the agent is allowed to act autonomously; (3) there are no safeguards or rules of engagement (legal/ethical constraints, do‑not‑collect lists, logging or human approval gates). Before installing, consider: only run this with explicit human oversight; restrict autonomous invocation or require manual approval for any contact or data‑collection actions; limit the skill to public/open sources only (search results, official docs, press releases); ensure organizational legal/privacy review approves the intelligence collection scope; and prefer skills with verifiable authorship. If you will not enforce those controls, avoid installing or running this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk974dfkhr7vn4yarsbwpkdycwx82ch1y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.