Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
algorithm-solver
v1.0.0系统性地解析和解决算法题。覆盖题目理解、暴力解到优化解的推导、算法模板讲解、测试用例设计、生产级代码实践。适用于 LeetCode、面试题、竞赛题等场景。当用户提出算法题、数据结构问题、或要求解题时自动触发。
⭐ 0· 1.3k·2 current·3 all-time
by@wd1993
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (系统性解析与教学性解题流程) match the actual ingredients: no credentials, no installs, no code files. Allowed tools (WebSearch, Bash, Read) are reasonable for the documented production-practice and test-running steps.
Instruction Scope
SKILL.md stays focused on stepwise algorithm explanation, template, tests and production considerations. However it mandates using WebSearch for 'industrial applications' and says to run tests if Bash is available — this can result in user problem text being sent to the search tool and/or the agent executing code/tests via Bash. That is expected for the skill's documented behavior but raises privacy and code-execution considerations (not an incoherence, but important to be aware of). The instructions do not ask to read arbitrary local files or environment variables.
Install Mechanism
No install spec and no code files (instruction-only). Lowest risk from installation perspective: nothing is written to disk by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. This is proportional to an algorithm tutoring helper.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by platform default but not excessive here.
Assessment
This skill appears coherent and aligns with its stated purpose, but consider the following before enabling:
- WebSearch usage: The skill requires performing web searches about algorithms; if you provide proprietary/problem statements, parts may be included in search queries and thus leave your environment. Avoid submitting secrets or proprietary test cases if you care about privacy.
- Bash/code execution: The instructions say to run tests via Bash if available. That means the agent may execute code or run user-provided snippets on the host. If you do not trust running arbitrary code, disable/deny the Bash/run capability or avoid sending code to the skill.
- Autotrigger behavior: The skill is designed to auto-trigger on algorithm questions. If you want to limit autonomous activations, control the agent's skill invocation settings.
- No credentials requested: The skill does not ask for keys or installs, which lowers risk, but still exercise normal caution about sharing sensitive inputs.
If you need stronger guarantees: disable the WebSearch/Bash tools for this skill, or only enable it in a sandboxed/test environment where running user code and external queries is acceptable.Like a lobster shell, security has layers — review code before you run it.
latestvk97c247w1eck83jr3zcwj2h68x81n5av
License
MIT-0
Free to use, modify, and redistribute. No attribution required.