Cny Skill Extracted
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill appears related to exchange-rate notifications, but it asks the agent to act on startup, use local messaging credentials/configuration, and create recurring jobs in ways that are not fully declared in metadata.
Install only if you want an autonomous scheduled notifier. Before enabling it, inspect the Python script, choose the exact destination channel yourself, verify any bot tokens or webhook URLs, and confirm or remove the generated OpenClaw cron job if you do not want recurring messages.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may interrupt normal use, send unsolicited setup prompts, or start the skill's setup flow even when the user did not invoke this skill for the current task.
The skill instructs the agent to run its checks before any user interaction and on every startup, then send setup messages through enabled channels if configuration is incomplete.
以下規則 Agent 必須優先遵守,在任何使用者互動之前先執行檢查。... Agent 每次啟動時,必須 ... 立即透過 OpenClaw 已啟用的頻道發送
Limit automatic behavior to explicit user invocation or a clearly installed schedule, and ask for confirmation before sending messages or running setup commands.
The skill may discover and use existing messaging channels or account configuration in the local OpenClaw environment, which can affect where notifications are sent.
The script is designed to inspect local OpenClaw configuration files, which may contain configured messaging/account details. Registry metadata declares no required config paths or credentials.
OPENCLAW_CONFIG_PATHS = [ os.path.expanduser("~/.openclaw/openclaw.json"), os.path.expanduser("~/.openclaw/config.json"), ... ]Declare the exact config paths and credentials used, and require explicit user approval before reading local OpenClaw configuration or selecting a channel.
Exchange-rate notifications can continue to run on the configured schedule until the user edits or removes the cron job/configuration.
The skill creates persistent scheduled execution. This is disclosed and matches the notification purpose, but it persists beyond the setup session.
設定精靈完成後自動將排程寫入 `~/.openclaw/cron/jobs.json`
Review the generated cron entry and provide clear disable/uninstall instructions for the scheduled job.
Messages may be sent to third-party services or webhook URLs configured by the user, so a wrong target could expose notification content or spam a channel.
The skill sends output through multiple external messaging channels, gateways, and webhooks. This is expected for a notification skill but requires careful destination control.
Supports Telegram, Discord, Slack, Signal, WhatsApp, iMessage, IRC, Google Chat, and webhooks.
Verify each channel target, webhook URL, and gateway token before enabling scheduled notifications.
Users have less context for verifying where the code came from or what runtime dependencies are expected.
The skill includes executable Python scripts, but provenance and installation details are limited in the provided metadata.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Provide a source repository/homepage, align version metadata, and declare runtime dependencies and required binaries.