Security Scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill appears to do what it says (decompose tasks and request missing context), but there are a few things you should consider before installing or using it:
- Privacy of uploads: The skill explicitly encourages attaching documents (PDFs, CSVs, Word). Do not upload sensitive credentials, personal data, or proprietary secrets unless you trust the environment and have reviewed data handling policy. Prefer redacting secrets before upload.
- Chain-of-thought instructions: The SKILL.md instruct...
✓ Purpose and capabilities
The name/description (task decomposition, request missing context) aligns with the SKILL.md content. There are no unrelated required binaries, env vars, or install steps, so requested capabilities are proportional to the stated purpose.
⚠ Instruction scope
The SKILL.md asks the agent to strictly follow an internal Chain-of-Thought (CoT) process and to perform implicit thinking, and it prescribes runtime behaviour such as stopping decomposition to call message_ask_user when missing info. It also instructs the skill to spawn parallel calls to the same skill for sub-tasks (self-recursion) and to transmit attachments losslessly. These directives are within the functional scope but raise operational concerns: (1) explicit CoT instructions increase the risk that the agent might surface internal reasoning in outputs, (2) self-recursive parallel invocation can create unbounded or costly workloads and amplify side effects, and (3) the doc forbids asking about word counts yet sets expectations for extremely large outputs (up to 90k words), which is unusual and could lead to resource exhaustion.
✓ Install mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk. Nothing is written to disk and there are no external downloads.
✓ Credential requirements
The skill requests no environment variables, credentials, or config paths. It does ask users to upload attachments when appropriate, which is consistent with its purpose but requires user caution (see guidance).
✓ Persistence and privileges
The skill does not request always:true, has default autonomy settings, and does not request modification of other skills or system-wide settings. The main risk is behavioural (recursive parallel calls) rather than privileged access.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v0.1.0 2026/2/15
● Suspicious
Install command
Official: npx clawhub@latest install teamo-strategy
Mirror (accelerated): npx clawhub@latest install teamo-strategy --registry https://cn.longxiaskill.com