三体：文明的抉择

恐怖惊魂夜 - 互动式恐怖悬疑剧本杀游戏。玩家将在雪山旅馆中经历一场惊心动魄的生存冒险，通过调查线索、做出选择来推动剧情发展。支持多结局、角色扮演、线索系统。适用于互动小说、剧本杀、文字冒险游戏等场景。

Do not install this skill on a machine with sensitive data or live credentials yet. Specific concerns: (1) The package includes many unrelated scripts and integration code (Feishu, Gmail, publishing) and files containing API keys/credentials (gmail-credentials.json, service-account.json, cookies.json, API keys pasted in MEMORY.md). (2) AGENTS.md and other workspace docs direct the assistant to read long-term memory and user files without asking — this is scope creep from a simple game. (3) The SKILL.md/references include prompt-injection-like system instructions and potential obfuscation. Actions to take before proceeding: - Ask the publisher for provenance (source/homepage/owner) and why so many unrelated files are bundled. Do not proceed if owner is unknown/untrusted. - Inspect the repository for secrets: search for 'API_KEY', 'SECRET', 'password', '.env', 'service-account.json', 'gmail-credentials.json', 'cookies.json' and remove or rotate any exposed credentials. - Run the skill in an isolated sandbox/VM with no access to your real workspace, network-restricted if possible. - If you only want the game, extract SKILL.md and the references/ game files into a clean directory and remove unrelated files; verify no scripts will be executed. - If you plan to allow autonomous actions, require explicit, minimal env vars and a clear install script from a trusted source; never grant broad file-system access. If you want, I can list the exact files that contain apparent credentials and the lines to inspect/rotate.

Type: OpenClaw Skill Name: santi-text-game Version: 1.0.0 The skill bundle is classified as suspicious due to the extensive presence of hardcoded sensitive credentials, including API keys and secrets for Feishu, Volcengine, Maton, Perplexity, and WeChat, found in files such as `doubao_seed2pro_service.py`, `MEMORY.md`, `TOOLS.md`, and `tools/feishu_send.py`. The bundle also includes high-privilege capabilities such as full desktop automation via pyautogui (`skills/desktop-control/__init__.py`) and the creation of persistent system services on macOS via launchd (`feishu-openclaw/setup-service.mjs`). While these features appear to be part of a legitimate personal automation environment for a specific user, the lack of credential sanitization and the inclusion of persistence mechanisms represent significant security vulnerabilities.