ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

progress-selfcheck

Provides periodic progress self-checks with Feishu notifications, task ledger management, auto-reactivation of stale tasks, and summary reporting for OpenClaw.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 19 · 0 current installs · 0 all-time installs
by@Ulquoirra
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (progress self-checks, Feishu sends, task ledger, auto-reactivation) align with the included scripts and configuration. The files implement reading a cron store, maintaining an append-only task ledger, writing artifacts to output/, and sending Feishu messages via the OpenClaw CLI as described.
Instruction Scope
Runtime instructions operate on local workspace paths, read the cron_store and memory events, write artifacts to output/, and may run local commands from task 'next' fields. This is expected, but auto-reactivation executes arbitrary local commands (run_local) and stores command output/results in the ledger; the SKILL.md warns about blocking external actions, and the code implements a substring-based block, which is a heuristic and can be bypassed with crafted commands.
Install Mechanism
No install spec (instruction-only with code files) — lowest install risk. The user is instructed to copy the folder into their workspace and add cron entries. No external downloads or package installs are performed by the skill.
Credentials
The skill declares no required environment variables or credentials. It relies on local OpenClaw CLI availability for sending Feishu messages and on local filesystem paths configured in progress_selfcheck_config.json. No unrelated credentials are requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated/platform-wide privileges. It writes only to configurable workspace subpaths (memory/, output/) and its own config; it does not modify other skills' configs.
Assessment
This skill appears to do what it claims, but pay attention before enabling automation: 1) Review all tasks in memory/active_tasks.jsonl — any task 'next' command will be executed locally by the auto-reactivation feature. 2) The code blocks obvious external actions via substring matching (blocks tokens like 'http://', 'openclaw message send', etc.), but that check is simple and can be circumvented by obfuscated or more complex commands; don’t put secrets or network-exfiltration commands into task 'next'. 3) Feishu sending is performed by calling the local OpenClaw CLI (via PowerShell in the send path) — ensure your OpenClaw CLI/account is correctly configured and you understand what message content will be delivered. 4) The script records command outputs and notes into the task ledger (local files), so sensitive command output may be persisted. 5) The send implementation uses PowerShell which may be platform-specific; test on your OS before scheduling cron jobs. Recommended safe steps: set feishu.target properly, run the scripts manually first (with debug/--limit), inspect the task ledger and sample 'next' commands, and consider disabling auto-reactivate or setting max to 0 until you trust the commands it will run.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk976bpr46cz8pk70k6t8mh8r198304j6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

progress-selfcheck-skill

What this skill does

A robust progress self-check system for OpenClaw:

  • Sends a periodic progress selfcheck to Feishu (DM target configurable)
  • Writes selfcheck artifacts to output/ for Webchat pull
  • Maintains a task ledger (append-only JSONL) for conversational tasks
  • Auto-reactivates stale tasks (safe local-only commands), with repeatable support
  • Shows a clean summary: running cron jobs, recent completions, alerts, unfinished tasks

Install

Copy this folder into your OpenClaw workspace:

  • C:\Users\Administrator\.openclaw\workspace\skills\progress-selfcheck-skill

Then configure and add cron jobs (see below).

Configuration

Edit:

  • config/progress_selfcheck_config.json

Key fields:

  • workdir: OpenClaw workspace path (default ${HOME}/.openclaw/workspace)
  • feishu.account: e.g. main
  • feishu.target: required. Replace user:ou_xxx_replace_me with your own Feishu DM target.
    • Example: user:ou_xxxxx...
  • stale_minutes: stale threshold for auto-reactivate (default 5)
  • max_reactivate_per_run: default 2
  • display_limits: max items for each section

Cron job snippet

See templates/cron_jobs_snippet.json and merge into ~/.openclaw/cron/jobs.json.

Suggested schedules:

  • progress selfcheck: every 15 minutes 08:00-23:00
  • ledger compact: weekly Sunday 03:40

Commands

  • Run selfcheck now:

    • python skills/progress-selfcheck-skill/scripts/progress_selfcheck_and_send.py --limit 5

  • Add a task:

    • python skills/progress-selfcheck-skill/scripts/task_ledger.py add --title "..." --auto true --repeatable true --next "python ..."

  • Reactivate stale tasks now:

    • python skills/progress-selfcheck-skill/scripts/task_reactivate.py --stale-min 5 --max 2

Safety

Auto-reactivation is local-only:

  • blocks URLs and openclaw message send
  • intended to prevent "said working but not actually doing"

Notes for publishing

This skill is designed to be publishable. Remove machine-specific paths by configuration.

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…