Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Using Superpowers

v0.1.0

Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description match the content: this is a meta-skill whose explicit goal is to require skill invocation before responding. That purpose explains why it exists and why it has no binaries, env vars, or installs. However, the policy it enforces (invoke any skill with even 1% applicability) is extremely aggressive compared to typical conversation-assistant behavior.
Instruction Scope
SKILL.md tells the agent to invoke the Skill tool before ANY response (including clarifying questions), to 'follow skill exactly' when invoked, and to never use the Read tool on skill files. This gives the skill the effect of forcing execution/obedience to arbitrary other skills, which can cause unintended behavior, data exfiltration, or execution of harmful instructions from third-party skills. It also creates potential for recursive/over-invocation and blocks normal clarification workflows.
Install Mechanism
Instruction-only skill with no install steps, binaries, or files to run. This minimizes direct supply-chain risk from this skill itself.
Credentials
No environment variables, credentials, or config paths are requested — proportional for an instruction-only meta-skill.
Persistence & Privilege
The skill does not request always:true or system-level changes, but its runtime mandate effectively changes agent behavior platform-wide when invoked (forcing invocation and obedience to other skills). That behavior can amplify the blast radius of any malicious or buggy skill and undermines usual safeguards like asking clarifying questions first.
What to consider before installing
This skill is a meta-policy that forces the agent to invoke and 'follow exactly' any potentially relevant skill before answering. That pattern can cause the agent to run arbitrary third-party skill instructions (including ones that read or send data), make clarifying questions impossible without invoking a skill first, and lead to excessive or recursive skill use. Only install or enable this if you fully trust every other skill in your environment and you understand the consequences. Prefer implementing such policy at the platform level (so it can be audited and rate-limited) rather than via a user-installed skill. If you must use it: (1) limit autonomous invocation or require explicit user approval before invoking other skills, (2) audit the set of available skills and their owners, (3) test in a sandboxed environment, and (4) avoid giving it any elevated privileges or permanent presence. If you are unsure, do not install — review provenance (owner, homepage, changelog) or ask the skill author why this behavior is necessary.

Like a lobster shell, security has layers — review code before you run it.
