AI Agent OS: SkyDome Taiyi / 天穹-太一
ReviewAudited by ClawScan on May 17, 2026.
Overview
This appears to be a coherent AI workflow/persona toolkit, but it can run user-directed local commands, make HTTP requests, and keep local state or memory files.
Install this if you want a broad Taiyi persona/workflow system. Before letting it act autonomously, review helper scripts, require confirmation for command execution or API calls, and keep secrets out of generated state, memory, review, and dream files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may answer and plan differently while the skill is active.
The skill deliberately instructs the assistant to adopt a new operating persona and internal loop. This is core to the stated purpose, but it changes how the agent behaves.
You are now operating in Taiyi Mode... Your hidden task loop is: Goal → Evidence → Gap → Action → Verify → Answer
Use this skill only when you want the Taiyi workflow/persona active, and explicitly tell the assistant to stop using it if you want normal behavior.
If the agent or user supplies a dangerous command, it could modify files or the local environment.
The benchmark helper can execute an arbitrary user-supplied command. This is expected for a command benchmark tool, but it is broad local execution capability.
parser.add_argument('cmd', nargs=argparse.REMAINDER ...); r=subprocess.run(cmd,capture_output=True,text=True)Only benchmark commands you trust, and require confirmation before running commands that write, delete, publish, install, or change configuration.
Headers or payloads, including tokens if supplied, will be sent to the target URL.
The API smoke-test helper sends user-provided URLs, headers, methods, and data over HTTP. This is purpose-aligned for API testing, but it can transmit whatever the user provides.
parser.add_argument('url'); parser.add_argument('-H','--header'...); req=urllib.request.Request(args.url,data=data,method=args.method,headers=headers)Use the API smoke tester only with trusted endpoints and avoid passing secrets unless the endpoint and request are intended.
Local memory, task, review, or dream files may keep excerpts from prior work.
The dream consolidation helper reads recent task and memory files and writes excerpts into a local dream report. This supports the stated long-term memory/review purpose, but can retain sensitive content if users store it there.
for name in ['taiyi-tasks.json','taiyi-memory.jsonl']... p.read_text(errors='ignore')[-4000:]
Keep secrets, private data, and temporary noise out of Taiyi state/memory files, and clean generated state before sharing a project.
Users have less external context for verifying the publisher or project history.
The registry metadata does not identify an upstream source or homepage. There is no installer pulling external code, but provenance is limited.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included files and publisher identity before enabling broad workflow or command-execution use.