Real Human (真实的人类)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Personal traits, preferences, relationships, and inferred characteristics could be saved and reused in later conversations without clear opt-in or review.

Why it was flagged

The skill tells the agent to automatically create, update, and later reuse persistent per-user models across interactions.

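Skill content

When a new user is encountered, the AI automatically creates a base model... After each interaction, key information is extracted to update the model... Personalization needed → read the user model

Recommendation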

Require explicit user consent before creating a model, confirm important inferred traits before storage, and define clear retention, correction, and deletion controls.

What this means

Stress, emotional state, or mental-health-adjacent information may be under-protected, stored, or reused as ordinary personalization data.

Why it was flagged

The example extracts emotional or mental-state-adjacent information and marks it as non-sensitive, even though the same reference lists psychological state as information needing authorization.

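Skill content

User input: "Work pressure has been very high lately, I work overtime until very late every day, and I feel like I can't hold on much longer" ... "情绪状态" (emotional state): "压力/疲惫" (stress/fatigue) ... "敏感标记" (sensitive flag): false

Recommendation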

Treat health, mental state, family conflict, finances, and similarly sensitive data as sensitive by default, and require explicit authorization before recording or reusing it.

What this means

Users may assume sensitive profile data is technically protected when the artifacts only state a policy or intention.

Why it was flagged

The skill describes encrypted/authorized handling of sensitive profile data, but the supplied package is instruction-only and does not define an enforcement mechanism.

Skill content

{user_id}-private.md  # sensitive information (encrypted/authorized)

Recommendation

Verify platform-level encryption and access controls before storing sensitive profiles, or make the skill explicitly manual and consent-based.