Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Family Soul
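v0.1.0
Distills digital personas from family group chat logs (WeChat/WhatsApp/other). Outputs soul.md (the collective persona) plus a persona file for each member, which can be used directly as the personality base of an AI agent. Keywords: group chat analysis, family persona, soul, persona, digital persona, chat logs, WeChat export, persona extraction.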
⭐ 0· 81·0 current·0 all-time
by @zengury
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (family chat -> persona/soul.md) aligns with the included parsing/denoising/extraction/synthesis pipeline. Having multiple extractor implementations (Anthropic, Kimi/Moonshot, OpenClaw variants) can be legitimate as provider/backend choices, but the repository does not declare those alternate credentials in SKILL.md or metadata and instead embeds provider-specific code paths and keys. That mismatch is unexpected.
Instruction Scope
SKILL.md instructs the agent to run scripts that parse user-provided chat files and send chunked text to external LLM APIs. That core scope is appropriate for the stated purpose, but the runtime instructions require ANTHROPIC_API_KEY while several pipeline scripts will call Kimi/Moonshot endpoints (and some contain hard-coded API keys/fallbacks). Those scripts therefore expand the instruction surface to send sensitive chat contents to additional third parties that the SKILL.md does not mention.
Install Mechanism
This is an instruction-plus-code skill (no installer). There is no external download during install (low install risk), but the package includes runnable Python scripts which will execute and perform network calls. Because code is shipped with the skill, review of the files is required prior to execution.
Credentials
SKILL.md and README state ANTHROPIC_API_KEY (Anthropic) is required, but multiple pipeline scripts reference KIMI_API_KEY / MOONSHOT_API_KEY and three different scripts include an embedded API key string (e.g. 'sk-kimi-Sgsy7YYJ...'). Hard-coded keys and implicit fallbacks (env var OR hardcoded value) are disproportionate for the stated purpose and risk unauthorized transmission of private chat data to third-party services. The skill metadata declares no required env vars, which is inconsistent with runtime requirements.
Persistence & Privilege
The skill does not request always:true and doesn't declare system-wide modifications. It will read user-provided files and write outputs to a local output directory; that is expected behavior for this functionality.
Scan Findings in Context
[hardcoded_api_key] unexpected: Multiple files contain an apparent hard-coded API key for a Kimi/OpenClaw endpoint (e.g. pipeline/03_extract_kimi_openclaw.py, pipeline/03_extract_kimi_v2.py, pipeline/03_extract_simple.py). Some scripts use an env var OR fall back to this literal key, meaning if the env var is missing the code will still send data using the embedded credential. This is unexpected and risky for a user-facing skill that processes private chat exports.
[undeclared_external_providers] unexpected: SKILL.md documents Anthropic use and asks the user to set ANTHROPIC_API_KEY, but multiple alternative provider clients (Kimi/Moonshot/OpenAI-compatible wrappers) are present. Those alternate providers are not declared in the skill manifest or SKILL.md as supported/backends and some are triggered automatically by code paths.
[sample_chat_data_in_repo] expected: The repository includes sample/raw exported group chat data (data/raw/群聊_...json). Having example data is reasonable for a demo, but it contains realistic personal messages and metadata; users should avoid running the skill on real data without inspection and privacy considerations.
What to consider before installing
Key things to check before installing or running this skill:
- Do not run on real family chat exports until you are comfortable with where the data goes. The code will send chat text to external LLM APIs.
- Inspect scripts/run_forge.py (entrypoint) to confirm which extraction implementation it chooses by default. If it calls any of the 'kimi' or 'openclaw' variants, those scripts include an embedded API key and/or will call third-party endpoints.
- Search the repository for the literal string 'sk-kimi-' and for domains like 'kimi.com' or 'moonshot.cn'. If present, remove or replace hard-coded keys and change any fallback logic so the code requires an explicit environment variable (do not silently fall back to an embedded credential).
- If you intend to use only Anthropic/your own key: ensure all scripts invoked by run_forge.py rely only on ANTHROPIC_API_KEY and fail explicitly if it is missing. Consider removing unused provider scripts from the skill bundle.
- Run the pipeline in an isolated environment (network-restricted or monitored) the first time, and test with synthetic/non-sensitive data to confirm behavior and endpoints.
- Because the repository includes sample chat exports with PII, delete or replace those files before adding your own real exports.
- If you are not comfortable auditing Python code, do not install/run this skill. At minimum, ask the author to remove embedded credentials, to document all external endpoints/providers, and to require explicit env vars for any third-party APIs.
Like a lobster shell, security has layers — review code before you run it.
latestvk979txy93eqzkef7mdatet765n83hjnw
