Skill v1.0.0
ClawScan security
Task Scheduler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 16, 2026, 2:39 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions say it will read local files (e.g., memory/昨日.md) and push messages to Feishu, but the package declares no credentials, config paths, or install steps — this mismatch, together with the implied access to local data and an external messaging service, is incoherent and warrants caution.
- Guidance: This skill asks the agent to read local files (e.g., memory/昨日.md) and to send messages via Feishu, but the package provides no details about where Feishu credentials or webhooks come from and does not declare any config paths. Before installing: confirm with the developer how the Feishu integration is configured (which env vars or webhook URL will be used), restrict or review which local directories the skill can access (so it cannot read arbitrary sensitive files), and prefer an implementation that declares its required credentials and config paths. If you cannot verify how external posting will be authenticated or which files will be read, avoid enabling autonomous invocation or installing the skill.
Review Dimensions
- Purpose & Capability (concern): The skill claims task scheduling, local-report generation, and Feishu message delivery — those capabilities are plausible together. However, the metadata declares no required credentials, config paths, or setup for Feishu or for accessing the user's 'memory' files. Requesting no env/config while claiming external messaging integration is inconsistent.
- Instruction Scope (concern): SKILL.md explicitly instructs the agent that 'when the task runs, the relevant files (memory/昨日.md) are read automatically' (original text: '任务执行时会自动读取相关文件(memory/昨日.md)') and to generate reports from 'yesterday's memory' ('昨日记忆') and send them via Feishu. That directs the agent to read local files and to transmit their content to an external service. The instructions do not specify where Feishu credentials come from or which exact files/locations will be accessed beyond the single example.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files — nothing is written to disk by an installer, which is the lowest-risk install model.
- Credentials (concern): The skill references Feishu notifications but declares no required env vars or primary credential. If it actually sends messages to Feishu it will need API tokens or webhook URLs; the lack of declared credentials or config paths is disproportionate and unexplained. It also implies reading local files (memory/...), which is a sensitive capability that should be declared.
- Persistence & Privilege (note): always is false and the skill is user-invocable; autonomous invocation is allowed (platform default). Autonomous execution combined with file reads and external posting increases potential impact, but the skill does not request permanent system-wide privileges or modify other skills.
