Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

get-to-know-you

v1.0.0

Dual-core efficiency improvement skill: (1) Actively collect user work background, preference habits through Socratic guided Q&A, automatically sync and upda...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (collect user profile and sync to OpenClaw config files) aligns with the provided script: scripts/collector.py implements question-driven collection and appends updates to AGENTS.md, SOUL.md, MEMORY.md, USER.md, TOOLS.md. However, the implementation uses a hard-coded WORKSPACE_ROOT (/workspace/projects/workspace) rather than declaring required config paths in metadata, which is an unexpected design choice and could cause it to write outside the skill directory.
! Instruction Scope
SKILL.md instructs active/passive collection (including 'resident' passive recognition during daily conversations) and automatic syncing of collected info to core config files. That gives the agent broad discretion to monitor interactions and modify central config files. The auto-trigger-after-install claim in the instructions is inconsistent with registry flags (always:false) and is vague about what exactly will be auto-run or when explicit confirmation is required.
Install Mechanism
No install spec (instruction-only) and one included script file. Low install friction (no external downloads). But the presence of executable Python code means the skill can perform filesystem writes when run — review and audit the script before execution.
! Credentials
Metadata declares no required config paths or credentials, yet the script writes to multiple core OpenClaw configuration files at a hard-coded path. This is a mismatch: the skill will need filesystem write access to those locations but does not declare it. The script can modify agent behavior by appending to AGENTS.md, SOUL.md, MEMORY.md and USER.md, which is a higher privilege than the metadata implies.
! Persistence & Privilege
always:false (not force-installed) but disable-model-invocation:false (agent can invoke autonomously). Combined with SKILL.md's resident/passive collection design and the script's ability to update core configuration files, this gives a broad potential blast radius if the skill is allowed to run autonomously. The skill does not request persistent installation itself, but its described behavior implies ongoing monitoring and automated writes.
What to consider before installing
Before installing:
(1) Review scripts/collector.py line-by-line and confirm the target WORKSPACE_ROOT (/workspace/projects/workspace) is correct and safe for writes.
(2) Back up your AGENTS.md, SOUL.md, MEMORY.md, USER.md, and TOOLS.md files so accidental or malicious edits can be reverted.
(3) If you permit this skill, restrict its filesystem permissions or run it in a sandbox/container so it cannot modify unrelated files.
(4) Clarify whether the skill will truly only record after explicit user confirmation (SKILL.md is vague about automatic passive recording).
(5) Prefer changing the hard-coded path to a configurable, declared config path in metadata so consent is explicit.
If you cannot audit or constrain the script, treat the skill as potentially risky and avoid granting it autonomous invocation or broad filesystem access.

Like a lobster shell, security has layers — review code before you run it.

latestvk976rh32argphz1pvce6bhd59s843c3c
