Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CPMO Daily Report Automation
v1.0.0 · Produces the 8:00 morning report and the 17:30 evening summary every day, reads Apple Notes, Calendar and Reminders in real time and syncs them to Feishu, tracking risks and to-dos.
⭐ 0 · 169 · 0 current · 0 all-time
by 张洋 (@ayangai)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (daily reports from Notes/Calendar/Reminders -> Feishu) aligns with the SKILL.md instructions to read Apple Notes, macOS Calendar and remindctl and sync to Feishu. However, there are inconsistencies: the instructions rely on macOS-specific osascript, yet the registry metadata declares no OS restriction; the SKILL.md hard-codes a Feishu App Token and Table ID while the skill declares no required credentials or env vars; and local config paths (/workspace-cpmo/risks.md, pending.md) are used but not declared. These mismatches suggest missing metadata or sloppy packaging.
Instruction Scope
The instructions tell the agent to run osascript to read and also to write Apple Notes, query Calendar events, call remindctl, read local markdown files, and query/create records in a Feishu spreadsheet. Reading and writing the user's Notes and local files and invoking system commands is powerful and expected for this feature, but it expands the agent's access surface (access to personal notes, calendars, and local workspace). The SKILL.md also embeds a Feishu App Token directly in the document (sensitive). The instructions do not constrain which paths to read beyond specific files/folders and do not document consent or least-privilege handling.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing is written to disk by the skill itself. That is the lowest install risk. However the runtime depends on external tools (osascript on macOS, remindctl, and network access to Feishu) which must be present on the host; those dependencies are not declared.
Credentials
The registry metadata lists no required environment variables or credentials, but the SKILL.md includes an explicit Feishu App Token (ZhrMb0hAMa4A3IsvyZPcw7Gbn8d) and a table URL/ID. Embedding an app token in the instructions and not declaring it as a required credential is inconsistent and risky (exposes sensitive secret in plain text). The skill also references local filesystem paths and macOS apps without declaring required config paths or OS constraints.
Persistence & Privilege
The always flag is false (good). The SKILL.md includes cron schedules for automatic runs (8:00 and 17:30), which implies autonomous scheduled invocation; the registry settings allow model invocation (disable-model-invocation: false), which is the platform default. This combination is reasonable for a reporting skill, but because the instructions grant the agent read/write access to Notes, Calendar and local files, automatic invocation increases the privacy blast radius. Consider limiting automatic runs or requiring explicit user confirmation.
What to consider before installing
This skill appears to implement the daily CPMO report by reading Apple Notes, macOS Calendar, remindctl, local markdown files, and syncing to Feishu — that matches the description, but several red flags remain:
1) Platform mismatch: The instructions use macOS-only osascript commands; the skill metadata does not restrict OS. Only install/use on a macOS host where you trust the agent. If you are not on macOS, the skill will fail.
2) Embedded credential: The SKILL.md contains a Feishu App Token and table URL/ID in plain text but the skill does not declare any required credentials. Treat that token as sensitive: embedding tokens in skill text is bad practice. Ask the author to remove secrets from the file and require the token as an env var or secure secret store (least privilege).
3) Undeclared local file access: The skill reads and writes local files (/workspace-cpmo/risks.md, pending.md) and writes to Apple Notes. Confirm those paths are correct and that you are comfortable giving the agent read/write access to those files and your Notes/Calendar. If not, request the skill declare required config paths and allow you to opt-out.
4) Dependency declarations: The skill expects remindctl and an AppleScript runtime (osascript) to be available but doesn't declare these dependencies. Ensure remindctl is a trusted CLI and is available on the host.
5) Autonomous runs: The skill includes cron schedules and allows autonomous invocation. If you want tighter control, require manual invocation or confirm each run.
Before installing: ask the maintainer to (a) remove hard-coded secrets and declare required env vars, (b) add an OS restriction (macOS) and declare required binaries/paths, and (c) document the Feishu scopes the token needs. If you cannot verify the token or the author's identity, do not install or run this skill with access to your personal Notes/Calendar or sensitive local files.
Tags: automation · daily · latest · pmo · report
