ClawHub
Back to skill
v1.0.2

Daily Summary

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:09 AM.

Analysis

This instruction-only skill is coherent for making a daily OpenClaw usage summary, with only purpose-aligned notes about running a local status command and saving a persistent memory file.

GuidanceThis skill appears safe for its stated purpose, but before installing, be aware that it may run `openclaw status --json` and write a dated summary into your OpenClaw memory folder. Review the generated files for sensitive task details, and do not run or schedule the referenced cron script unless you have inspected it separately.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
执行命令:
```bash
openclaw status --json
```

The skill instructs the agent to run a specific local CLI command to obtain token usage. This is purpose-aligned, but it is still local tool execution that users should be aware of.

User impactWhen invoked, the agent may read local OpenClaw status and recent session token-usage data to build the summary.
RecommendationInstall only if you are comfortable with the agent using local OpenClaw status output for the report, and keep usage limited to the documented status command.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
- 脚本:`~/.openclaw/workspace/cron_daily_summary.py`

The skill references a workspace script that is not part of the supplied instruction-only package. The artifact does not instruct the agent to run it, so this is a provenance note rather than a concern.

User impactIf you later rely on that local script, its behavior is not covered by these packaged artifacts.
RecommendationInspect or create any referenced local script yourself before scheduling or running it.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
创建/更新 `memory/YYYY-MM-DD.md` ... 保存文件到 `~/.openclaw/workspace/memory/YYYY-MM-DD.md`

The skill persists the generated daily summary, including token statistics and task-completion information, in the OpenClaw workspace memory path.

User impactDaily summaries may remain available to future agent sessions and could include private task details if the agent adds them.
RecommendationReview generated Markdown files, avoid including sensitive details, and delete or edit old summaries if you do not want them reused.