Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily Summary
v1.0.1自动生成包含Token用量和任务完成情况的每日学习总结报告并保存为指定日期Markdown文件。
⭐ 0· 51·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated goal (daily learning summary including token usage) aligns with the instructions to call a local status command and write a Markdown file. However, SKILL.md requires running the 'openclaw status --json' command and expects a workspace at ~/.openclaw/workspace, yet the registry metadata declares no required binaries or install steps. The SKILL.md also references a script (~/.openclaw/workspace/cron_daily_summary.py) that is not included. The missing declaration of the required CLI and absent script are incoherent with the manifest.
Instruction Scope
Instructions tell the agent to run 'openclaw status --json', parse token fields from its JSON output, and create/update ~/.openclaw/workspace/memory/YYYY-MM-DD.md. Reading local command output and writing into the user's ~/.openclaw workspace is within the skill's purpose, but the instructions reference creating/updating a cron script and parsing possibly log-prefixed JSON — those steps grant the skill write access to files in the user's home and imply persistence behavior that is not explicitly declared or provided.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes install-time risk. However, absence of an install or included helper script means the agent will be expected to run/make files at runtime, which shifts risk to execution-time file writes performed by the agent.
Credentials
The skill does not request environment variables or external credentials, which is proportionate for summarizing local token usage. It does, however, require access to a local CLI and the user's ~/.openclaw workspace; this file/CLI access is reasonable for the stated task but should have been declared as a required binary or documented clearly.
Persistence & Privilege
always:false (no forced global presence). Still, the SKILL.md explicitly mentions a cron_daily_summary.py script and saving files under ~/.openclaw/workspace — behaviour that would persist across runs if the agent creates a cron job or script. The skill manifest does not include that script or explain how persistence is established, so the potential for creating persistent scheduled work at runtime exists and should be reviewed.
What to consider before installing
This skill appears to do what it says (generate a daily token/task summary) but there are a few mismatches you should confirm before installing or enabling it:
- The SKILL.md runs 'openclaw status --json' but the registry metadata lists no required binaries. Confirm you have the 'openclaw' CLI and understand what data that command outputs.
- The skill will write files to ~/.openclaw/workspace/memory/YYYY-MM-DD.md and mentions a cron script (~/.openclaw/workspace/cron_daily_summary.py) that is not included. Ask the author for the script contents or inspect what the agent would write before allowing it to create files or a cron job.
- Because the skill writes into your home workspace, consider running it in a restricted environment or backing up the ~/.openclaw directory first. If you need stronger guarantees, request the missing artifacts (cron script) and a clear list of required binaries, or run the commands manually the first time to verify behavior.
If you want to proceed: ensure 'openclaw' is a trusted local tool, review any files the agent proposes to create, and monitor for unexpected outbound network activity when the skill runs.Like a lobster shell, security has layers — review code before you run it.
latestvk9718zws3wm60nwy2w8nb499j983g0ec
License
MIT-0
Free to use, modify, and redistribute. No attribution required.