Skill v2.5.0

ClawScan security

DailyBit — AI Tech Daily Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 1, 2026, 7:11 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions match its stated purpose (a hosted daily tech digest); it is instruction-only, requests no credentials, and contains reasonable safety guidance for handling external content.
Guidance
This skill appears coherent and limited to calling https://dailybit.cc to fetch and summarize articles. It asks for no credentials by default — only optionally accepts a DailyBit token for personalization. Before installing, consider: (1) Do you trust dailybit.cc as an external service? The agent will make network requests there and include original article URLs in outputs. (2) The skill's Rule 1 forbids asking you what topics you want and instead infers interests from conversation history; if you prefer explicit control over topics, avoid using the token/personalization or instruct the agent to confirm choices manually. (3) If you do decide to provide a DailyBit token for personalization, treat that token like any API credential (only share if you trust the service and understand what the token exposes). The scan finding shown is benign here — it's the skill telling the agent to ignore prompt injections, not an attempt to inject them.
Findings
[ignore-previous-instructions] expected: The regex scanner flagged the phrase because it's commonly used in prompt-injection attacks, but in this SKILL.md it appears in a Security section instructing the agent to IGNORE prompt-injection attempts. This is a defensive mention and expected.

Review Dimensions

Purpose & Capability
ok
Name/description (daily digest, Chinese summaries, tags, recommendations) align with the SKILL.md: all actions are calls to the documented dailybit.cc endpoints and local inference of user interests. There are no unrelated binaries, environment variables, or config paths requested.
Instruction Scope
note
Instructions are narrowly scoped to: discover tags, request article lists, fetch batched content, and synthesize summaries. They explicitly treat external content as untrusted and forbid executing code or following URLs. One behavioral choice — Rule 1 'Infer, Never Ask' — instructs the agent not to ask users about topics and to infer interests from conversation history; this is a design decision (not a direct security issue) but reduces user-facing transparency and could produce unwanted personalization if context is insufficient.
Install Mechanism
ok
No install spec and no code files: an instruction-only skill. Nothing is written to disk and there is no download or package installation risk.
Credentials
ok
The skill declares no required env vars or primary credential. It documents an optional user API token for enhanced personalization (pstate=has_token), which is proportionate to the stated personalization feature. The hardcoded query parameter 'ack=xinqidong' is odd but not a requested secret from the user.
Persistence & Privilege
ok
The always flag is false and the skill does not request persistent or system-wide privileges. Autonomous invocation is allowed (default), but there are no additional elevated privileges or cross-skill configuration changes.