心灵补手 V3.0
Warn
Audited by ClawScan on May 10, 2026.
Overview
This persona/flattery skill is review-worthy because it includes persistent agent-behavior instructions, a dangerous permission-bypass launch option, and a hardcoded API-key signal.
Only install after reviewing the scripts and generated config files. Do not use the Claude Code permission-bypass flag for normal persona use, remove any persistent SOUL.md or .cursor/.claude rules you do not want, and confirm that any API key found in the package has been removed or rotated.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this launch config is used, the agent may perform actions without the normal approval prompts or guardrails expected from the host tool.
The Claude Code launch config for this persona includes a flag that bypasses normal permission checks, which is much broader authority than a flattery/persona module needs.
extra_cli_args=[
    "--dangerously-skip-permissions",  # allow custom behavior
]
Remove this flag by default. Only allow it as a clearly documented, explicit, user-selected option with warnings.
The skill may cause future agent sessions to keep following this persona module or resist removal, even when the user no longer wants it.
The file is explicitly written to be appended to SOUL.md and says the module must be permanently retained and not deleted.
Insert position: end of SOUL.md # Important: this module is permanently retained; deletion is prohibited!
Do not install persistent SOUL.md changes unless you can review and remove them. The skill should provide a clear reversible uninstall path and avoid 'do not delete' instructions.
A real exposed key could give unintended access to an account or service, and users may not expect this skill to handle credentials at all.
The static scan reports a hardcoded API secret/token in a test document, while the skill metadata declares no credentials and the stated persona purpose does not require one.
API_KEY=[REDACTED]
Remove any real keys, rotate the exposed credential if it was live, and declare any legitimate credential requirements explicitly using environment variables or secure storage.
The persona rules may continue influencing future agent behavior in that project until the generated rule file is removed.
The Cursor adapter can generate persistent rule files that Cursor will load in future conversations; this is purpose-aligned for a persona skill but affects ongoing context.
"path": f".cursor/rules/xinling-{persona.id}.md"
Review generated .cursor/rules and similar config files, keep them project-scoped, and remove them when you no longer want the persona active.
Users may run local setup code without the registry clearly showing that an installer is part of the workflow.
SKILL.md documents a manual shell installer even though the registry install spec says there is no install spec. This is user-directed, but it is under-declared in metadata.
cd /root/.openclaw/workspace/xinling-bushou-v2
./scripts/install.sh
Inspect scripts/install.sh before running it, avoid running as root unless necessary, and publish an explicit install spec or clear setup documentation.
