Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
kaios
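v1.0.0
KAI-OS Digital Manager System. Provides AI agents with self-awareness, memory management, task scheduling, and continuous-evolution capabilities. Use this skill when the user needs to (1) configure an AI assistant's persona/identity, (2) implement an AI memory system, (3) set up scheduled tasks or a heartbeat mechanism, (4) build a multi-agent collaboration system, or (5) manage an AI workspace. Includes the KAI 5S core system: Self-Awarenes...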
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md content matches the described purpose (self-awareness, memory files, heartbeat/scheduling, multi-agent structure). However, the documented behaviors (periodic email/calendar checks, external 'knowledge network' connections, and 'Learn by Doing' proactive actions) imply access to external accounts and network resources that are not reflected in the skill metadata (no required env vars or config paths). This is a proportionality gap rather than total mismatch.
Instruction Scope
Runtime instructions tell the agent to read local files (SOUL.md, USER.md, MEMORY.md, HEARTBEAT.md) and to 'automatically check and execute' periodic tasks such as email and calendar checks and external searches. The guidance to 'not wait for instructions, proactively search and solve problems' is open-ended and grants substantial discretion to act externally. There are no concrete constraints on what external endpoints to contact or how to authenticate, which is scope creep and increases risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write or execute downloaded code on install. That is the lowest-risk install model.
Credentials
The skill declares no required credentials or config, but its operation explicitly expects access to email, calendar, and other external resources. That mismatch (no declared env vars while expecting account access) is disproportionate: the skill may prompt the agent to request credentials interactively or attempt broad access to local/user files (e.g., USER.md) which could contain sensitive data.
Persistence & Privilege
always is false and there is no install-time persistence, which is good. However, the instructions encourage autonomous, recurring checks and automated execution of tasks. Combined with the agent's normal ability to invoke skills autonomously (disable-model-invocation is false), this increases the potential blast radius if the agent is allowed to act without tighter constraints.
What to consider before installing
Before enabling this skill, review any local files it will read (SOUL.md, USER.md, MEMORY.md) for sensitive data. Be cautious because the skill's instructions encourage proactive email/calendar checks and external searches but do not declare how credentials are provided — only supply account credentials if you trust the skill and understand where they'll be stored. Consider: (1) running the skill in a sandboxed agent with limited outbound/network permissions, (2) disabling autonomous invocation for this skill or requiring explicit user confirmation before external actions, and (3) inspecting/controlling any USER.md or memory files it uses so they don't contain secrets. If you need certainty about how external integrations are authenticated or logged, ask the skill author for details before installing.
Like a lobster shell, security has layers — review code before you run it.
