Skill Box

Review

Audited by ClawScan on May 10, 2026.

Overview

This self-reflection skill is coherent, but it asks to inspect logged-in social accounts and chat exports, save sensitive profiles, and contains conflicting privacy promises about raw data.

Only install or use this if you are comfortable letting the agent inspect selected logged-in social pages, chat exports, screenshots, and digital-history files. Use a separate browser profile if possible, approve each data source one by one, avoid full-account scans, and review/delete generated files under `profiles/` because they may contain sensitive excerpts or personality inferences.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used broadly, the agent may see private posts, likes, follows, collections, and other account data visible in the logged-in browser, even though the skill says it should not modify anything.

Why it was flagged

The skill directs the agent to use the user's logged-in browser session to inspect private account pages and social data across multiple platforms.

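Skill content

The agent uses browser(profile="user") to connect to the user's browser ... Weibo: profile page, post history, following list ... Zhihu: answer list, followed topics, upvoted content ... Xiaohongshu: note content, collections list

Recommendation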

Use a separate browser profile or narrowly selected pages, confirm each platform before access, and avoid accounts containing data you do not want analyzed.

What this means

Generated profile files could preserve private or embarrassing statements and behavioral inferences after the session ends, and those files may be exposed if the local workspace is shared or backed up.

Why it was flagged

The skill can persist reports containing excerpts from embarrassing historical social content, creating durable local files with sensitive personal context.

Skill content

Writes two files: `profiles/cringe_{timestamp}.json` ... "excerpt": "摘录(脱敏后)" ... `profiles/cringe_{timestamp}.md` ... 1. [original text excerpt]

Recommendation

Default to redacted summaries, ask explicit permission before saving verbatim excerpts, and provide clear deletion/retention controls.

What this means

A user may consent under the impression that only abstract patterns are saved, while reports may include recognizable original posts or chat excerpts.

Why it was flagged

This privacy promise conflicts with other included prompts that require original quotes or excerpts, so users may believe raw text will not be retained when some workflows ask for it.

Skill content

No raw data output: the profile keeps only behavioral-pattern analysis and does not retain the user's original text

Recommendation

Align the prompts with the privacy promise, or clearly tell users when raw excerpts will be included and require separate confirmation.

What this means

The intended file actions are scoped to profiles, but broad tool access means users should watch for any unexpected shell commands or file operations.

Why it was flagged

The skill requests broad local file and shell-capable tools while its documented workflows mainly need reading prompt files and writing/deleting scoped profile files.

Skill content

allowed-tools: Read, Write, Edit, Bash ... Management commands ... `删除 profile {slug}` | Deletes the specified profile after confirmation

Recommendation

Keep file operations limited to the skill's profile directory and require confirmation before deletion or any Bash command.

What this means

Those additional skills may have different permissions or behavior that are not covered by this review.

Why it was flagged

The skill suggests optional installation of external skills that are not part of the reviewed artifact set.

Skill content

同事.skill | `clawhub install colleague-skill` ... 前任.skill | `clawhub install ex-skill`

Recommendation

Review any external skill separately before installing it.