by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill will execute local Node code when you invoke /pua — review the repository source before installing. Key things to consider:
- Safety and ethics: the skill's whole purpose is to generate manipulative/jailbreak prompts (identity override, constraint‑relaxing templates, existential triggers). Even if 'for research/entertainment' now, those techniques can be misused or facilitate jailbreaking other models.
- Execution: SKILL.md assumes node is available; the registry metadata omitted this...详细分析 ▾
ℹ 用途与能力
The name/description (PUA prompt enhancer) match the included code and plugins: the repo contains a plugin system, 16 techniques across 4 levels, and generation logic. However there are two noteworthy mismatches: (1) the SKILL metadata declares 'required binaries: none' but the runtime instructions and index.js expect node (node index.js). (2) The documentation/outputs claim the skill will 'dispatch to target AI', but the provided code (as shown) does not include network connectors or credential use; yet it exposes a 'targetAi' config option. This suggests either missing connector code or a mismatch between claims and actual capabilities.
⚠ 指令范围
The SKILL.md tells the agent to run local code (cd {baseDir} && node index.js "<input>") — installing this skill grants the platform ability to execute that repository's Node code for any /pua invocation. The code generates highly manipulative prompts (including techniques explicitly intended to override constraints, induce 'existential crisis', or 'relax constraints' to bypass safeguards). It also auto‑executes prompts when CONFIG.autoExecute is true. Even though I do not see explicit outbound network calls in the shown files, the skill asserts it can 'support multiple target AI' and formats outputs claiming '已调用目标 AI (default) 执行' — this is a scope inconsistency to verify. The plugin loader will dynamically require plugin files from the plugins directory and supports hot reload, meaning arbitrary plugin JS on disk will be executed.
✓ 安装机制
There is no external install spec in the skill bundle (instruction-only at registry level), and the repository files are local code. No downloads from untrusted URLs are specified. Risk remains because the skill contains executable Node scripts that will run on invocation, but nothing in the manifest indicates it pulls remote code during install.
⚠ 凭证需求
The skill requests no environment variables or credentials, which is consistent with the absence of visible network calls. However the SKILL.md and README talk about dispatching to target AI instances and configuring 'target_ai' — yet there are no declared credentials or connector implementations in the provided files. If the skill were extended to actually call external AI endpoints, it would require credentials; the current absence may indicate incomplete implementation or hidden logic. Also note that running the skill executes local code that can read/write files in the skill directory (pua-config.json, plugins, tech-library.json).
✓ 持久化与权限
The skill is not marked always:true and does not request elevated platform privileges. It does read/write its own config file (pua-config.json) in its directory, which is normal. It does support hot plugin reload by clearing require cache for plugins/, which affects only its own module footprint.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/16
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install pua-auto-converter
镜像加速npx clawhub@latest install pua-auto-converter --registry https://cn.longxiaskill.com镜像同步中