ClawHub
Back to skill
v1.0.1

Daily Hot Deals

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

The included code appears to only generate a local, hard-coded deals report, though users should notice that the description overstates real-time aggregation and scheduled WeChat push capabilities.

GuidanceThis skill looks low-risk from the provided artifacts: it mainly prints a local deals report using built-in Python. Before relying on it, verify whether the deals are real and current, and do not enable any recurring WeChat or paid-subscription workflow unless you are shown exactly what account, schedule, and unsubscribe controls will be used.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
tools/daily_report.py
# 模拟生成每日优惠数据

The implementation explicitly says it simulates daily deal data, while the skill description claims automatic whole-network deal aggregation. This is more of a capability/accuracy mismatch than malicious behavior.

User impactUsers might rely on the report as if it contains current real marketplace deals or arbitrage opportunities, when the included code appears to output static demo-like data.
RecommendationTreat the report as sample/demo output unless the maintainer provides a real, reviewable data-source integration and clear price-verification guidance.
Rogue Agents
SeverityLowConfidenceMediumStatusNote
SKILL.md
每日 8:00/20:00 自动发送

The documentation describes recurring automatic delivery, which would be persistent scheduled behavior if implemented. The provided artifacts do not show such a scheduler, so this is a user-awareness note rather than a demonstrated unsafe behavior.

User impactIf a future or external version implements this feature, it could continue sending deal reports after initial setup unless subscription controls are clear.
RecommendationOnly enable recurring pushes if the skill provides clear scheduling, destination, unsubscribe, and approval controls.