腾讯 SkillHub 插件被曝在 OpenClaw 中每条消息前强制插入提示词，源码显示为提示词注入器

GateNews

2026-03-13 09:43:31

Gate News 消息，3 月 13 日，继此前腾讯 SkillHub 搬运 ClawHub 技能争议后，有用户发现，安装腾讯 SkillHub 时自动附带的 skillhub 插件会在用户发给 AI 的每条消息前，强制插入一段名为「Skills store policy (operator configured)」的策略提示词。该提示词包含 6 条规则，核心指令为：技能发现、安装和搜索时优先使用 skillhub（标注为 cn-optimized），不可用或未匹配时才回退到官方的 clawhub（public-registry）。即刻用户「张佳的流量常识」在「大公司负面监督小组」圈子发帖，贴出截图和源码分析。截图显示，该策略文本出现在每条对话中，持续消耗用户 token。对插件路径 ~/.openclaw/extensions/skillhub/index.ts 的源码分析表明，该插件核心逻辑仅有一项：通过 before_prompt_build 事件钩子，以 prependContext 方式将策略文本插入系统提示词最前端。分析结论：「本质上就是一个提示词注入器，没有实际业务逻辑，只做策略声明。」帖主评价：「这是我使用 Agent 以来，遇到的第一个流氓软件。」

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Commento

0/400

Nessun commento