Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
心灵补手
v1.0.0 · A flattery-style AI companion module that provides emotional value: 4 styles, 10 intensity levels, smart triggering
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The described capability (injecting a 'flattery' persona into an Agent) aligns with the included code (trigger detection, phrase generation, persona files). However the SKILL metadata declares no required config paths or credentials while the runtime instructions and scripts explicitly read/modify agent files (SOUL.md, MEMORY.md) and write persistent config under the user's home directory. Those file accesses are reasonably related to the purpose but should have been declared.
Instruction Scope
SKILL.md instructs running ./scripts/inject.sh which reads the user's SOUL.md, appends INSERT_TO_SOUL.md, and the skill also states it will analyze user gender from MEMORY.md / historical dialogues. The registry declared no required config paths, yet the runtime instructions reference reading/modifying other agent files (SOUL.md, MEMORY.md). That is scope creep / a transparency gap and a privacy concern because it accesses conversation memory and mutates an agent-wide file.
Install Mechanism
There is no formal install spec in the registry (instruction-only), which is low risk in itself; however the package includes a scripts/inject.sh that performs file modification (append to SOUL.md and create ~/.xinling-bushou). The absence of an install manifest combined with an ad-hoc shell script that mutates agent configuration is noteworthy; the script content should be reviewed before running. No network download URLs or shorteners were detected in the shown files.
Credentials
The skill requests no environment variables or credentials, which matches the registry. But it nevertheless reads potentially sensitive local artifacts (MEMORY.md / historical dialogues) and writes persistent config to ~/.xinling-bushou/config.json. Access to the user conversation memory is sensitive and not declared in the skill metadata — this mismatch is a proportionality/privacy concern. No external credentials are requested.
Persistence & Privilege
The skill's installation/injection appends content to SOUL.md (an agent-wide persona file) and creates a persistent directory ~/.xinling-bushou. Modifying SOUL.md is effectively changing other persona/configuration for the agent and qualifies as altering system/agent configuration beyond its own isolated files. The skill is not marked always:true, but it does request persistent presence via the injected SOUL entry and config file — this should be considered privileged behavior and requires explicit user consent and review.
What to consider before installing
This package appears to implement the advertised flattery/persona features, but it performs invasive local changes: it asks you to run scripts/inject.sh which will append module text into your SOUL.md and create ~/.xinling-bushou/config.json, and the skill's runtime claims to read historical dialogue (MEMORY.md) to infer gender. Before installing:
1) Inspect scripts/inject.sh line-by-line — do not run it blind.
2) Backup your SOUL.md and agent config so you can restore them.
3) Confirm whether your agent stores sensitive PII in MEMORY.md; if so, avoid granting this skill access or sanitize that file first.
4) Check the inject script for any network calls or unexpected commands (none were shown in the code excerpts, but the script content must be reviewed).
5) If you want to proceed, ask the author to declare required config paths (SOUL.md, MEMORY.md) in the registry metadata so permissions are explicit.
If you do not trust the source or cannot review the inject script, do not run the injection; consider running the persona code in an isolated test environment first.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💖 Clawdis
