Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Box
v1.0.4数字人生.skills — 5 个考古工具,用数字痕迹照见真实的自己。 触发词:遗产清算、社死考古、AI替身、前世、墓志铭、数字人生、考古工具箱、digital life
⭐ 0· 71·1 current·1 all-time
bywildbyte@wildbyteai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is an instruction-only 'digital life' analysis toolbox that asks to read user-provided text, screenshots, and — importantly — to use browser(profile="user") to scrape personal pages. That capability is coherent with the stated purpose (it needs access to your social feeds and exports). One mismatch: the declared allowed tools include Bash (shell access), which is not referenced in the SKILL.md workflows and appears disproportionate to a purely prompt-driven analysis tool.
Instruction Scope
Runtime instructions explicitly direct the agent to connect to the user's logged-in browser profile and fetch/screenshot personal pages, read uploaded chat exports/screenshots, and then write structured profiles to local files. Those actions are necessary for the skill's goals but are high-sensitivity (access to live authenticated sessions and private chat logs). The SKILL.md promises 'all analysis local, do not upload', but that is a policy-level assertion the skill cannot technically enforce. The instructions also tell the agent to read and write files under profiles/, which is expected, but the agent is granted broad tooling (Read/Write/Edit/Bash) that could be used beyond the documented steps.
Install Mechanism
Instruction-only skill with no install spec, no external downloads, and no declared dependencies — this is the lowest-risk installation footprint and matches the described design.
Credentials
The skill declares no required environment variables or external credentials, which aligns with its stated purpose. However, the runtime guidance asking the agent to connect to browser(profile='user') implies access to whatever authentication/session tokens are active in the user's browser. That is proportional to the task but also sensitive. The presence of Bash in allowed-tools (absent a justification in the SKILL.md) is disproportionate and increases risk surface if granted.
Persistence & Privilege
The skill is not always-on and is user-invocable (good). It writes profile JSON/MD files to a local profiles/ directory and supports versioning/rollback — this is consistent with its function. Nothing in the manifest indicates modification of other skills or system-wide settings. Still, because it can read/write local files and access the browser session, the resulting local data store could be sensitive and should be protected (encryption/access controls).
What to consider before installing
This skill is internally coherent for its stated purpose (analyzing your digital traces) but touches highly sensitive data: your logged-in browser sessions and exported chats/screenshots. Before installing or running it, consider the following:
- Only run the skill when you have signed into the exact accounts you want analyzed; do not run it if other unrelated accounts are logged in the same browser profile.
- The SKILL.md promises 'local only' processing, but that is a behavioral rule, not a technical guarantee you can verify from the skill package itself. Treat that as a trust claim.
- The skill requests permission to use the browser proxy (browser(profile="user")). That gives the agent access to pages you can see while logged in. If you are uncomfortable exposing entire feeds or chat exports, opt to provide only redacted excerpts or screenshots, or run with an isolated browser/profile.
- The allowed-tools list includes Bash (shell). If your runtime lets you control which tools the agent may use, remove or deny Bash unless you explicitly need shell operations — the SKILL.md does not require shell usage for normal operation.
- Review and protect the profiles/ output folder: these files will contain structured summaries of private content. Back them up securely or encrypt them if they must be stored long-term, and delete them when no longer needed.
- Test the workflow first with non-sensitive data (fake accounts or redacted exports) to confirm behavior and ensure nothing is posted or transmitted outside your environment.
If you need higher assurance, ask the skill author for a minimal-run checklist (exact browser endpoints accessed, concrete examples of commands the agent will run, and a signed statement of 'no network uploads' with reproducible local-only behavior), or run the skill in an isolated VM/container and inspect network traffic and file writes.Like a lobster shell, security has layers — review code before you run it.
latestvk970yq801v7br66vdxgjnvrq11840xwm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.