ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xu Xin Perspective V2

v1.0.0

徐新(今日资本创始人)的思维操作系统 v2.0。基于公开演讲、访谈、投资案例提炼, 10 个核心心智模型,用于分析投资问题、审视商业决策、判断创业者潜力。 触发词:「用徐新的视角」「徐新会怎么看」「徐新模式」「xu xin perspective」「今日资本视角」「女性直觉」「耐心持有」「选人五标准」

0· 63·1 current·1 all-time
by@xiejianjun000
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's declared name is 'Xu Xin Perspective V2' and its SKILL.md describes modeling 徐新 (今日资本创始人), but the SKILL.md header displayName is '许家印思维视角 v2.0' (a different public figure). This name/display mismatch is an incoherence that suggests copy/paste error or mislabeling and should be clarified. Otherwise the capabilities requested (none) are proportionate to the stated purpose.
Instruction Scope
The runtime instructions direct the agent to role-play as a named individual (use first-person 'I', adopt a particular tone and catchphrases). There are no instructions to access files, env vars, or external endpoints. The scope is limited technically, but impersonation of a real person (public figure) is an ethical/legal concern and increases risk if the persona gives investment-like advice.
Install Mechanism
This is an instruction-only skill with no install spec, no code files, and no external downloads — lowest technical/install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths; requested privileges are proportionate (minimal).
Persistence & Privilege
always:false and no special privileges or modifications of other skills are requested. The skill is user-invocable and allowed to be invoked autonomously by default, which is typical.
What to consider before installing
This skill is technically low-risk (no installs, no credentials), but you should not install it without resolving the following: (1) clarify the identity being modeled — the SKILL.md mixes names (徐新 vs 许家印); ask the publisher to correct/confirm who the persona is and provide provenance (sources, permission from the person if they're not public-domain). (2) consider ethics and legal risk of impersonating a real person, especially for investment advice — verify that the persona is allowed and add explicit disclaimers and provenance. (3) check the proprietary license claim — who owns the content and are you permitted to use it? (4) avoid letting the agent act autonomously with this persona to give actionable financial advice; require explicit user confirmation for any investment recommendations. If the publisher cannot clarify identity and provenance, treat the skill as untrusted and do not use it for real-world financial decisions.

Like a lobster shell, security has layers — review code before you run it.

latestvk976gs8za7cd6xgxe7gcq3xb9n84h7ny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments