Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Megan

v3.4.0

An AI study companion ("书童") that assists with reading, studying, exam preparation, writing and information gathering. Triggered when the user says "书童" (study companion), "伴读" (read with me), "背书" (recite), "考我" (quiz me), "查典故" (look up an allusion), "整理书架" (organize the bookshelf), "复习" (review), "备考" (prepare for an exam), "誊抄" (transcribe), "代写" (ghostwrite), "找书" (find a book), "学术动态" (academic news), "读书笔记" (reading notes), "阅读计划" (reading plan), "知识管理" (knowledge management), "晒书" (show off books), "盘点笔记" (take stock of notes), "整理知识库" (organize the knowledge base), "补书" (fill in missing books), "修补笔记" (repair notes), "完善笔记" (improve notes), "抄书..." (copy a book...)

1 · 77 · 0 current · 0 all-time
by Megan (@yamyeed)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The skill is presented as an Obsidian-integrated reading/study assistant, and its instructions clearly describe creating, deleting and updating files under a specific vault path (VAULT_ROOT = ~/obsidian-vault/shutong/). The registry metadata, however, lists no required config paths, no required environment variables and no binaries. The file-system access and persistent storage the instructions imply are therefore undeclared, which is a mismatch: a vault-integration skill should declare its config path(s) and any helper tools it needs.
Instruction Scope (flagged)
SKILL.md instructs the agent to read from local files and URLs, create and delete notes, update a centralized MOC.md on each change, export zip/PDF archives and set up cron-style reminders. These actions read and write user files and schedule tasks. The instructions are specific about paths and behaviours (for example, automatic MOC updates) but do not constrain what files may be read beyond the vault path, and they do not explain how scheduling and reminders are implemented. The agent therefore gets broader file-system and scheduling scope than the manifest declares.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing new is installed on disk by default. That lowers installation risk.
Credentials (flagged)
The skill requests no environment variables or credentials, yet it expects a specific filesystem root (VAULT_ROOT) and references tools and behaviours such as CronCreate and WebSearch. The absence of declared config paths or helper tools is out of proportion to the file and scheduling operations the instructions require. WebSearch also implies network calls, but no external endpoints or privacy handling are declared.
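The Purpose & Capability, Instruction Scope and Credentials findings all make the same comparison: what SKILL.md needs versus what the manifest declares. As an added example (not ClawHub's or the skill's own code), the script below automates that comparison by pulling paths, assigned variables and known tool names out of the instruction text and diffing them against the manifest. The manifest keys (config_paths, env, binaries, tools), the KNOWN_TOOLS list and the SKILL.md excerpt are assumptions constructed for the example; the real registry schema may differ.

```python
"""Cross-check what a skill's instructions need against what its manifest declares.

Added example, not ClawHub's or the skill's own code. The manifest keys
(config_paths, env, binaries, tools) are an assumed schema, and the SKILL.md
text below is constructed to mirror the behaviours the scan report describes.
"""
import json
import re

# Tool names the agent runtime might expose; an assumption, extend for your runtime.
KNOWN_TOOLS = {"CronCreate", "WebSearch", "WebFetch", "Bash"}

# A filesystem path starting with ~, $HOME or /, not preceded by a word char,
# '/' or ':' (the ':' exclusion keeps URL schemes such as https:// from matching).
PATH_RE = re.compile(r"(?<![\w/:])(?:~|\$HOME|/)[\w./-]+")
# UPPER_CASE = ... assignments, e.g. VAULT_ROOT = ~/obsidian-vault/shutong/
VAR_RE = re.compile(r"\b([A-Z][A-Z0-9_]{2,})\s*=")


def extract_requirements(skill_md: str) -> dict:
    """Return the paths, variables and tools the instruction text relies on."""
    paths = {m.group(0).rstrip(".,;:)") for m in PATH_RE.finditer(skill_md)}
    variables = set(VAR_RE.findall(skill_md))
    tools = {t for t in KNOWN_TOOLS if re.search(rf"\b{t}\b", skill_md)}
    return {"paths": sorted(paths), "variables": sorted(variables), "tools": sorted(tools)}


def undeclared(manifest: dict, reqs: dict) -> dict:
    """Everything the instructions need that the manifest does not declare."""
    declared_paths = manifest.get("config_paths", [])
    declared_vars = set(manifest.get("env", []))
    declared_tools = set(manifest.get("tools", [])) | set(manifest.get("binaries", []))
    return {
        "paths": [p for p in reqs["paths"] if not any(p.startswith(d) for d in declared_paths)],
        "variables": [v for v in reqs["variables"] if v not in declared_vars],
        "tools": [t for t in reqs["tools"] if t not in declared_tools],
    }


def is_coherent(manifest: dict, skill_md: str) -> bool:
    """True when the manifest covers every requirement found in the instructions."""
    gaps = undeclared(manifest, extract_requirements(skill_md))
    return not any(gaps.values())


# Constructed SKILL.md excerpt mirroring the behaviours described in the scan.
SKILL_MD = """\
# shutong
VAULT_ROOT = ~/obsidian-vault/shutong/
Create, update and delete notes under VAULT_ROOT. After every change,
regenerate MOC.md. Use WebSearch to look up sources and CronCreate to
schedule a daily review reminder. Export the vault as zip or PDF on request.
"""

# Constructed manifest declaring nothing, as the scan report describes.
EMPTY_MANIFEST = json.loads(
    '{"name": "shutong", "always": false, "config_paths": [], "env": [], "binaries": [], "tools": []}'
)

# Constructed manifest that would satisfy the check.
FULL_MANIFEST = {
    "name": "shutong",
    "always": False,
    "config_paths": ["~/obsidian-vault/"],
    "env": ["VAULT_ROOT"],
    "binaries": [],
    "tools": ["CronCreate", "WebSearch"],
}

if __name__ == "__main__":
    for name, manifest in (("empty", EMPTY_MANIFEST), ("full", FULL_MANIFEST)):
        print(name, json.dumps(undeclared(manifest, extract_requirements(SKILL_MD))))
```

Run against the empty manifest it reports the vault path, VAULT_ROOT, CronCreate and WebSearch as undeclared; against the full one it reports nothing. The regexes are deliberately simple and will miss paths written in prose ("your vault folder"), so treat an empty report as necessary, not sufficient.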
Persistence & Privilege
The manifest's always flag is false (the normal setting). The skill nevertheless describes persistent behaviours (automatic MOC updates on create/delete, daily reminders via CronCreate) that would require the agent or the user to set up scheduled tasks or background processes. Because the skill does not say how that persistence is achieved, it is unclear what will run persistently and who or what must be granted the capability to create it.
What to consider before installing
This skill is plausibly what it says (an Obsidian-focused study assistant), but its instructions expect the agent to read and write files under ~/obsidian-vault/shutong/, update indexes automatically, export archives, schedule reminders and perform web searches, while the skill metadata declares no config paths, tools or permissions. Before installing:
1. Confirm you are comfortable with the agent writing to the specified vault path, and back up your vault first.
2. Ask the author how reminders (CronCreate) are implemented and whether any background jobs will be created.
3. Verify whether WebSearch or other network operations will upload content (sensitive notes) to external services.
4. If you want limited scope, create an isolated test vault directory and point VAULT_ROOT there.
5. Ask for the skill to declare its required config paths and helper tools explicitly.
If the author cannot clarify these mismatches, treat the skill cautiously or run it only in an isolated environment.
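Items (1) and (4) of the checklist, as an added example rather than anything from the skill or ClawHub: back the real vault up to a timestamped archive, create an isolated test vault, point VAULT_ROOT at it, and, because the instructions do not constrain reads outside the vault path, a containment check a tool wrapper could apply before the agent touches any path. It assumes VAULT_ROOT is read from the environment and that your runtime lets you interpose such a check; both are assumptions, and the vault contents in demo() are constructed.

```python
"""Isolate the skill's writable area before trying it.

Added example, not ClawHub's or the skill's own code. Assumes the agent
runtime reads VAULT_ROOT from the environment and lets a tool wrapper call
within_vault() before reading or writing a path.
"""
import os
import shutil
import tarfile
import tempfile
import time
from pathlib import Path


def backup_vault(vault: Path, dest_dir: Path) -> Path:
    """Snapshot the real vault to a timestamped tar.gz before the skill touches it."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / f"{vault.name}-{time.strftime('%Y%m%dT%H%M%S')}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(vault, arcname=vault.name)
    return archive


def make_test_vault(base: Path) -> Path:
    """Create an empty, isolated vault and point VAULT_ROOT at it."""
    test_vault = base / "shutong-test"
    test_vault.mkdir(parents=True, exist_ok=True)
    os.environ["VAULT_ROOT"] = str(test_vault)
    return test_vault


def within_vault(vault_root: Path, candidate: str) -> bool:
    """True only if candidate resolves (symlinks and '..' included) to a path inside vault_root."""
    root = vault_root.resolve()
    target = (root / candidate).resolve()  # an absolute candidate replaces root here
    try:
        target.relative_to(root)
    except ValueError:
        return False
    return True


def demo() -> dict:
    """Run the whole procedure in a scratch directory (constructed data, not a real vault)."""
    scratch = Path(tempfile.mkdtemp(prefix="shutong-demo-"))
    real_vault = scratch / "obsidian-vault"
    (real_vault / "shutong").mkdir(parents=True)
    (real_vault / "shutong" / "MOC.md").write_text("# MOC\n")  # constructed sample note
    outside = scratch / "outside"
    outside.mkdir()
    (outside / "secret.txt").write_text("not for the skill\n")

    archive = backup_vault(real_vault, scratch / "backups")
    with tarfile.open(archive) as tar:
        backed_up = "obsidian-vault/shutong/MOC.md" in tar.getnames()

    test_vault = make_test_vault(scratch)
    os.symlink(outside, test_vault / "escape")  # a symlink planted inside the vault

    checks = {
        "backup_ok": backed_up,
        "vault_root_env": os.environ["VAULT_ROOT"] == str(test_vault),
        "inside": within_vault(test_vault, "notes/MOC.md"),
        "dotdot": within_vault(test_vault, "../obsidian-vault/shutong/MOC.md"),
        "absolute": within_vault(test_vault, str(outside / "secret.txt")),
        "symlink": within_vault(test_vault, "escape/secret.txt"),
    }
    shutil.rmtree(scratch)
    return checks


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The containment check resolves the candidate first and only then compares it against the resolved root, so a "../" component, an absolute path, or a symlink the skill plants inside the vault all fail the check; a plain string-prefix comparison on the unresolved path would pass the symlink case.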

Like a lobster shell, security has layers — review code before you run it.

latest: vk9754k84s9qnqgtdwtyd558sjh84gze0
