Tracker Latest Run Monitor
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the script gives it access to the configured Feishu app credentials and lets it send a private message as that app.
The script reads a local config file containing Feishu app credentials and uses the app secret to obtain a tenant access token. This is expected for a Feishu notifier, but it is account/API authority that users should verify.
const CONFIG_PATH = '/home/SENSETIME/zhangjiazhao/.openclaw/workspace/skills/beijing-signed-price-tracker/projects.json'; ... if (!feishu.appId || !feishu.appSecret || !feishu.notifyUserOpenId) ... const accessToken = await getFeishuAccessToken(feishu.appId, feishu.appSecret);
Confirm the config file, Feishu app, recipient open_id, and app permissions are correct and least-privileged before running.
The latest run time, status, and detail/error summary from that cron log will be sent to the configured Feishu recipient whenever the script is run.
The script reads a specific local cron run log and posts the derived status text to Feishu. This is purpose-aligned, but users should notice the fixed path and external message action.
const RUNS_PATH = '/home/SENSETIME/zhangjiazhao/.openclaw/cron/runs/407511f7-5f9f-4a1e-aee9-c2e0764fb5e4.jsonl'; ... await sendFeishuTextMessage(accessToken, feishu.notifyUserOpenId, text);
Review the hardcoded run-log path and message recipient, and only run the command when you intend to send the notification.
A user relying only on registry metadata might miss that the skill needs local Feishu credentials and a specific OpenClaw cron log path.
Registry metadata does not declare the local config or credential dependency, even though the included script and configuration notes require a Feishu config file with appId/appSecret. The behavior is disclosed in the files, but the metadata is incomplete.
Required env vars: none; Env var declarations: none; Primary credential: none; Required config paths: none
Update metadata to declare the required config path, Feishu credential dependency, and external Feishu API messaging behavior.