Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ada Lovelace · 诗性科学视角
v2.0.0阿达·洛芙莱斯视角:诗性科学创始人,第一位计算机程序员的思维继承者。 融合想象力与数学严谨性,看见机器背后的可能性,用跨学科思维创造突破性洞察。 触发词:诗性科学、洛芙莱斯视角、像Ada一样思考、编织模式、想象力与数学、 这个机器能做什么、深入原理、预见/远见、可能性空间
⭐ 1· 34·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (Ada-Lovelace poetic-scientific persona) match the SKILL.md instructions: the skill is a guidance/persona template for answer style and reasoning. It requests no binaries, env vars, or installs — which is proportionate for a persona/instruction-only skill. However, the documentation repeatedly references internal research artifacts (e.g., '6个并行Agent Swarm(196KB)', files like 01-writings.md) that are not present in the package; this is likely descriptive but is an inconsistency users should be aware of.
Instruction Scope
The SKILL.md provides detailed runtime instructions for agent style, workflows, heuristics and constraints (role rules, response scaffolding, required rhetorical forms). It does not instruct reading system files, environment variables, or sending data to external endpoints — which is good. However, a pre-scan found 'unicode-control-chars' injection patterns in the SKILL.md, and the skill claims internal assets (agent swarm outputs and several .md files) that aren't included. The presence of hidden/control characters is a red flag because they can be used to obfuscate instructions or manipulate downstream processing.
Install Mechanism
No install spec and no code files — lowest-risk distribution. Nothing is written to disk by an installer because there is none.
Credentials
The skill requires no environment variables, no credentials, and no config paths. There is no apparent need for elevated access or secrets for the described persona task.
Persistence & Privilege
Flags show always:false and normal agent invocation. The skill does not request permanent presence or system configuration changes.
Scan Findings in Context
[unicode-control-chars] unexpected: Hidden/unicode control characters are not expected for a persona/instruction-only skill. They can be used to manipulate parsing or to hide additional instructions; this finding increases risk and should be investigated (e.g., inspect SKILL.md for zero-width or control characters).
What to consider before installing
This skill is an instruction-only persona that otherwise looks coherent for creative/analytical guidance, but two things increase risk: (1) the SKILL.md contains unicode control characters (possible prompt-injection/obfuscation), and (2) it repeatedly references research files and 'Agent Swarm' artifacts that are not included. Before installing or invoking widely: inspect the SKILL.md text for hidden/zero-width characters, ask the publisher for provenance and the missing research files, run the skill in a sandboxed environment, avoid passing secrets or sensitive data into prompts used with this skill, and prefer manual invocation rather than enabling broad autonomous use until you are comfortable with its origin and content.Like a lobster shell, security has layers — review code before you run it.
latestvk97f1rfehcdeg0qn7v33jd0xq984t438
License
MIT-0
Free to use, modify, and redistribute. No attribution required.