Skill v1.0.0
ClawScan security
每日综合新闻(基于news-aggregator-skill并发送至飞书文档) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 15, 2026, 3:14 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (automatically fetch news and send to Feishu docs) is plausible, but the runtime instructions contain mismatches and risky/unclear steps (hard-coded proxy, reliance on a local skill path, and no Feishu authentication instructions).
- Guidance
- Before installing or running this skill:
  1. Ask the author to explain how Feishu document creation is authenticated (which env vars or tokens are required) and to add those variables to the skill metadata if needed.
  2. Do not blindly export the hard-coded proxy (http://192.168.110.9:7890); confirm whether that proxy is yours, since routing traffic through an unknown proxy can expose your data.
  3. Verify that the referenced directory (~/.openclaw/workspace/技能/news-aggregator-skill) exists and manually review the scripts/fetch_news.py files for unexpected behavior (network endpoints, data exfiltration, arbitrary command execution) before running.
  4. If you want Feishu posting, prefer providing credentials via a secure secret store and expect the SKILL.md to declare required env vars (e.g., FEISHU_TOKEN).
  5. If you cannot verify the above, consider running the skill in an isolated environment (air-gapped or VM) or decline until the developer clarifies the proxy and authentication details.
Review Dimensions
- Purpose & Capability
- concern: The name claims it will send reports to 飞书文档, but the SKILL.md only marks Feishu document creation as optional and provides no authentication or required environment variables for Feishu. The skill also depends on an external 'news-aggregator-skill' existing at a hard-coded workspace path; this reliance is not documented in registry metadata and may be missing on target systems.
- Instruction Scope
- concern: Instructions tell the agent to cd into ~/.openclaw/workspace/技能/news-aggregator-skill and run local Python scripts (reads/writes JSON and report files). They also instruct exporting HTTP_PROXY/HTTPS_PROXY to a specific IP (http://192.168.110.9:7890). These steps reference local paths and network configuration outside the skill's declared requirements and could redirect traffic through an unexpected proxy.
- Install Mechanism
- ok: No install spec and no bundled code; instruction-only. This minimizes install-time risk because nothing is downloaded or written by an install step.
- Credentials
- concern: Registry metadata declares no required env vars or credentials, but SKILL.md asks the user to export proxy environment variables (hard-coded address) and implies optional Feishu integration without telling how to provide Feishu credentials. Absence of declared Feishu auth vars is a proportionality/information mismatch.
- Persistence & Privilege
- ok: The always flag is false and the skill does not request persistent/privileged presence or modify other skills. Autonomous invocation is allowed (platform default) but not combined with additional red flags that would raise privilege concerns.
