ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

故事接龙

v2.0.0

故事接龙 - 多人协作创作,AI智能续写,支持图文生成

0· 74·0 current·0 all-time
by@yansocool
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise '多人协作', 'AI智能续写', and '图文生成', but the shipped index.js implements only local, deterministic story templates and filesystem storage with no networking, no AI/model API calls, and no image generation. The advertised collaborative and image-generation capabilities are not present in the code.
Instruction Scope
SKILL.md instructs typical local commands (start/续写/继续/etc.) and references a workspace path for storage. Those instructions match the observed CLI behavior. Minor mismatch: SKILL.md shows '~/.openclaw/workspace/story-relay' while index.js uses '/root/.openclaw/workspace/story-relay' — effectively the same for a root-run environment but worth checking for non-root installs. The docs imply sharing/collaboration but provide no mechanism; that is scope creep in the description rather than in the runtime instructions.
Install Mechanism
No install spec; code is instruction/CLI based. There is no network/download during install and no external packages required beyond Node runtime. This is low-risk from an install perspective.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond writing to a local workspace directory. For a local story tool, this is proportionate.
Persistence & Privilege
always:false and no special privileges. The skill writes and reads files only under its workspace directory; it does not modify other skills or system-wide configs in the visible code. This is a common, limited persistence model for a CLI skill.
What to consider before installing
This skill appears to be a local CLI that saves stories to a workspace folder and uses simple template-based 'AI' text generation locally. However, its description and SKILL.md advertise collaboration and image generation features that are not implemented in the included code. Before installing or using it, consider: 1) If you need real multiplayer collaboration or image/AI model integration, this skill does not provide those — it may be an early or incomplete implementation. 2) The skill writes files under /root/.openclaw/workspace/story-relay (or ~/.openclaw/workspace); ensure you are comfortable with it creating and modifying files there and run it in a non-sensitive or sandboxed environment if unsure. 3) Review the remainder of index.js (the file was truncated in the package) to confirm there are no hidden network calls or external endpoints. 4) If you expect real AI or image generation, ask the author for details on where models/APIs are called and what credentials (if any) will be required.

Like a lobster shell, security has layers — review code before you run it.

latestvk9736qybeqjt3vdkjkd6k5yc3d83ff2s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments