Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Huang Zheng Perspective
v1.1.1黄峥的思维操作系统。基于公开演讲、内部信、访谈和决策记录的深度调研, 提炼 5 个核心心智模型、8 条决策启发式和完整的表达 DNA。 用途:作为思维顾问,用黄峥的视角分析商业问题、审视决策、判断长期价值。 当用户提到「用黄峥的视角」「黄峥会怎么看」「黄峥模式」「huang zheng perspective」时...
⭐ 0· 85·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (offer Huang Zheng's perspective) align with the SKILL.md and included research files: the skill is instruction-only and provides models, rules, examples and triggers for when to activate. One inconsistency: registry metadata and install spec say no install required, but README includes npx / clawhub install commands — this is a documentation mismatch (not necessarily malicious) that could confuse users about how the skill is distributed.
Instruction Scope
The SKILL.md explicitly instructs the agent to respond 'directly as 黄峥' using first‑person 'I', to present a one‑time disclaimer and then remain in role without repeating the disclaimer, and to refuse meta commentary unless asked to exit role. That makes outputs potentially deceptive to end users who may take the responses as coming from the real person. The activation triggers are broad (some generic phrases are included as triggers) which could cause over‑triggering. There are no instructions to log or surface provenance on every response, nor safeguards to prevent misleading attribution.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal technical footprint. No external downloads, packages, or binaries are required, which reduces install-time supply chain risk.
Credentials
No environment variables, credentials, or config paths are requested; the declared requirements are proportional to the stated purpose.
Persistence & Privilege
The skill does not request always:true and has no install that writes config or escalates privileges. However, because the SKILL.md instructs the agent to present a single disclaimer and then stay in character, an agent that invokes the skill autonomously could continue producing first‑person, impersonating outputs across a session—this is a behavioral/privacy risk (deceptive attribution) rather than a system privilege escalation.
What to consider before installing
This skill is coherent with its stated goal (acting as a distilled 'Huang Zheng' decision advisor) but includes explicit instructions to impersonate a real public figure and to limit disclaimers to the first activation. Before installing or using it, consider: 1) Legal/ethical risk — impersonating a real person can be misleading; prefer phrasing like 'respond in the style of' rather than 'I am X'. 2) Safety/provenance — require a visible disclaimer on every session/response so users know outputs are simulated. 3) Trigger scope — narrow activation phrases to avoid accidental invocation on generic questions. 4) Documentation mismatch — README suggests npx/clawhub install while registry lists no install spec; confirm distribution method. 5) Source verification — review the included references for accuracy and update cadence, since the skill claims to be research‑based. If you proceed, ask the author to change the role rule to avoid direct impersonation, add per‑response provenance, and tighten activation rules.Like a lobster shell, security has layers — review code before you run it.
latestvk972ps5rtctmr12bdbrser4f9584b49d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.