by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
Do not run this skill as-is. Before installing or running: (1) Ask the publisher to provide the missing runtime files (encoder.py, visualize.py, agent_report.py) and the library/genome_library.json referenced by SKILL.md, and verify their contents — especially looking for unexpected network calls, credential exfiltration, or arbitrary system access. (2) Ask the author to declare any required API credentials (e.g., Claude key) and explain where/how those should be set (environment variable name, ...详细分析 ▾
⚠ 用途与能力
The skill's stated purpose (encoding/comparing agent genomes) matches the SKILL.md actions, but the runtime depends on external scripts (encoder.py, visualize.py, agent_report.py) and a genome library that are not present in the package. That mismatch means the skill as published cannot perform its claimed work without additional, undeclared code or data.
⚠ 指令范围
SKILL.md tells the agent to run local Python scripts and to read files like SOUL.md and library/genomes/<slug>.dna.json. It also notes that encoding requires a Claude API call (or a --mock flag). The instructions therefore include reading arbitrary files from the working directory and performing a network/API call, but provide no local scripts or clear guidance on where credentials should come from.
✓ 安装机制
There is no install spec (instruction-only skill) and the only included files are static HTML and the SKILL.md. That is low risk from an install perspective because nothing is being downloaded or extracted automatically. However, the missing runtime scripts mean the skill currently has an incomplete footprint.
⚠ 凭证需求
SKILL.md explicitly says encoding requires a Claude API call, yet requires.env lists no credential and the package does not declare a primary credential. A networked API call typically needs an API key or token; the skill fails to declare or justify how that credential will be provided, which is a proportionality and transparency issue.
✓ 持久化与权限
The skill is not always-enabled, does not request system-wide settings, and does not attempt to persist configuration for other skills. No elevated persistence or privilege requests are present in the metadata.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/22
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install ai-genome
镜像加速npx clawhub@latest install ai-genome --registry https://cn.longxiaskill.com