ClawHub
Back to skill
v1.0.0

龙虾知识体系管理

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

This instruction-only skill coherently builds a local Markdown memory/workflow system, with the main caution that it intentionally creates persistent agent memories, instructions, and heartbeat tasks.

GuidanceInstall only if you want the agent to maintain persistent Markdown-based memory and workflow files in your workspace. Review the generated memory, user-profile, agent-rule, and heartbeat files regularly, and do not store credentials or private secrets in them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
HEARTBEAT.md 是 Agent 的自驱清单。每次被 heartbeat 触发时:1. 读取 HEARTBEAT.md 2. 执行其中的任务

The skill defines a persistent heartbeat checklist that the agent should execute when triggered.

User impactA heartbeat file can cause recurring maintenance actions such as memory consolidation or self-review without a fresh detailed prompt each time.
RecommendationKeep HEARTBEAT.md limited to low-risk maintenance tasks and require explicit user confirmation for any destructive, external, or account-changing action.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
USER.md — 用户档案...记录服务对象是谁... MEMORY.md — 长期记忆...凭证、密钥不写入此文件

The skill instructs the agent to maintain persistent user profile and long-term memory files, while also explicitly warning not to store credentials or keys.

User impactInformation written into these Markdown files may influence later sessions and could preserve stale or incorrect assumptions if not reviewed.
RecommendationKeep the workspace private, avoid writing secrets, and periodically review USER.md, MEMORY.md, AGENTS.md, and .learnings entries for accuracy.
Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
主 Agent(路由中枢)→ 分发给子 Agent → 子 Agent 各自独立记忆...主 Agent 查子 Agent 记忆

The optional multi-agent design allows a main agent to route work to sub-agents and read or update their memory files.

User impactIf enabled, context may move between agent-specific memory areas, which can blur boundaries between roles or tasks.
RecommendationUse separate directories for different agents, keep sensitive project context out of shared memory, and document which agent may read or update each file.