Skill v1.0.0

ClawScan security

ai-morning-brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 3:10 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
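The functionality is broadly consistent with the description "generate a daily report on the AI field", but the code and documentation contain external credential usage that is not declared in the metadata and a hard-coded session target (push to a DingTalk group). These inconsistencies are worth confirming before installing.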
Guidance
What to check before installing:
1) Environment vars: The code can call an external LLM endpoint using ALIBABA_CLOUD_API_KEY (dashscope.aliyuncs.com) though that key is not declared in the skill metadata. If you don't want the skill to call external LLMs, do not set ALIBABA_CLOUD_API_KEY (or inspect/remove call_llm usage in scripts/ai_daily.py). Also verify whether you want to provide TAVILY_API_KEY or GITHUB_TOKEN; they are optional but used for enhanced functionality.
2) Outbound push: scripts/push-to-dingtalk.sh uses openclaw sessions send with a hard-coded session identifier (agent:main:dingtalk:group:cid+...). Confirm what that session maps to in your environment; it could attempt to deliver reports to a group you don't expect. If you prefer manual control, remove/modify the push script or comment out the sessions send line.
3) Paths and permissions: Many scripts assume /root/.openclaw/workspace/... and create files/logs there and in output/. If you run under a different user or want a different location, update paths in generate.sh, install.md, and push scripts before enabling cron.
4) External endpoints: The skill fetches many external feeds and uses Tavily/arXiv and optionally Alibaba's API. Review config/sources.json to ensure you trust the listed sources, and check prompts.md's call_llm snippet to understand what data may be sent to the LLM provider (titles/content/full text may be transmitted if used).
5) Run locally first: Execute scripts in a sandbox or non-privileged account: run bash scripts/generate.sh and inspect output/AI-Daily-YYYY-MM-DD.md, validate with python3 scripts/validate_report.py. Do not enable the cron or push to messaging until you confirm behavior.
6) If you need greater assurance: remove or stub the call_llm function and the push-to-dingtalk step, or require explicit environment variables before those actions run.
If you are not comfortable auditing the code yourself, consider not installing or asking a developer to review ai_daily.py and push scripts for data handling and destinations.

Review Dimensions

Purpose & Capability
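ok
The name and description match the actual files: the scripts fetch RSS/Tavily/arXiv, process the results with an LLM, generate Markdown, and support TTS push. The required local binaries (python3, curl) match the implementation. The file manifest and configuration (sources.json, prompts.md, ai_daily.py) support the claimed functionality.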
Instruction Scope
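concern
The run instructions and scripts fetch arbitrary external RSS feeds and web pages, call a search service (Tavily), and may call a cloud LLM (the example code calls the Qwen API at dashscope.aliyuncs.com). The scripts write to and read from fixed paths (/root/.openclaw/workspace/...) and attempt to send the summary to a hard-coded session ID via openclaw sessions send (scripts/push-to-dingtalk.sh). SKILL.md and README/INSTALL provide the run commands, but the code also accesses environment variables that are not declared in the metadata (see the Credentials item). Overall, the instruction scope covers fetching, generation, validation, and push; the push target and the external API calls are sensitive points that the user needs to confirm.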
Install Mechanism
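ok
No automatic remote download or install steps from unknown sources are provided; this is instruction-only plus included scripts. install.md suggests pip3 install edge-tts (public package). There are no binary download or extraction steps from arbitrary URLs, so the risk is low.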
Credentials
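concern
The metadata declares no required env vars, while the SKILL.md metadata and README mention optional TAVILY_API_KEY and GITHUB_TOKEN. However, the code and docs also reference or recommend ALIBABA_CLOUD_API_KEY (used by call_llm), and ALIBABA_CLOUD_API_KEY and TAVILY_API_KEY affect behavior in scripts/test.sh and the README. In other words, the skill will try to use several external API keys (Tavily, Alibaba/Qwen, and optionally a GitHub token), but the key credential ALIBABA_CLOUD_API_KEY is not listed in requires.env or primaryEnv in the SKILL metadata. This is an inconsistency that users should be aware of.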
Persistence & Privilege
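ok
flags: always:false, user-invocable:true, disable-model-invocation:false; these are the defaults and are appropriate. The scripts write output and logs to the local workspace (/root/.openclaw/...) and can be scheduled via crontab, but there is no evidence that they modify other skills' configuration or force themselves to stay resident on the platform.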