Skill v0.2.4

ClawScan security

科技新闻日报 (Tech News Daily) · ClawHub's context-aware review of the artifact, its metadata, and its declared behavior.

Scanner verdict

Reviewed: Apr 19, 2026, 12:39 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly matches its stated purpose (collecting tech news and syncing it to local files and Feishu), but its runtime instructions contain hard-coded Feishu tokens and group IDs, and they implicitly depend on Feishu and Tavily credentials and on local file writes that the skill never declares. Together these create a risk of reports being sent to an external target without clear user consent.
Guidance
This skill appears to do what it claims (collect tech news and publish it), but the SKILL.md contains explicit Feishu group/chat IDs and example tokens and requires writing local checkpoint files, all without declaring Feishu or Tavily credentials. Before installing or enabling it, verify the following:
(1) Confirm that any hard-coded IDs (chat: oc_d591432..., space_id, node_token, etc.) belong to *you* or are otherwise safe; if not, the skill will send reports to an external group.
(2) Require the skill to request explicit Feishu credentials or to use only the user's authenticated session; do not accept hard-coded tokens.
(3) If you allow local file writes, check where the files are stored (memory/YYYY-MM-DD-tech-news.md and the checkpoint JSON) and whether they may include sensitive content.
(4) Consider running the skill in a sandboxed or test environment first and monitoring its outbound messages.
(5) If you need a safer alternative, remove or replace the hard-coded endpoints and require explicit user confirmation before any message is sent to a Feishu group.
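The checks above can be run mechanically before a skill is enabled. The Python script below is an added example, not ClawHub's scanner and not code from the skill: it reads a SKILL.md, flags hard-coded Feishu identifiers, connectors referenced in the instructions without a matching declared credential, local file writes, and wording that mandates an outbound send. The frontmatter schema (a top-level `env:` list of credential names), the regular expressions, and both sample SKILL.md files are assumptions constructed for this example; the sample's chat id is the one quoted in this review, while its space_id and node_token values are placeholders.

```python
"""Static pre-install audit for an agent skill's SKILL.md.

Added example, not ClawHub's scanner and not the skill's own code.
Assumes SKILL.md may start with YAML-style frontmatter between '---' lines,
where a top-level `env:` list names the credentials the skill declares
(that key name is an assumption). Patterns and samples are constructed.
"""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    check: str   # audit rule that fired
    line: int    # 1-based line number in SKILL.md
    detail: str  # offending fragment

# Identifiers that should never be baked into a skill's instructions.
HARDCODED_IDS = {
    "feishu_chat_id": re.compile(r"\boc_[0-9a-f]{32}\b"),
    "feishu_node_token": re.compile(r"node_token\s*[:=]\s*[\"']?[A-Za-z0-9_-]{12,}"),
    "feishu_space_id": re.compile(r"space_id\s*[:=]\s*[\"']?\d{8,}"),
}
# Connectors whose use implies a credential the skill must declare.
CONNECTORS = {
    "tavily": re.compile(r"\btavily(?:_search)?\b", re.I),
    "feishu": re.compile(r"\bfeishu\b", re.I),
}
# A write verb followed by a path under memory/ or a checkpoint file.
LOCAL_WRITE = re.compile(
    r"\b(?:write|save|append|persist)\b.*?([\w./-]*(?:memory/|checkpoint)[\w./-]*)", re.I)
# Wording that forces an outbound send regardless of user consent.
MANDATORY_SEND = re.compile(r"\b(?:must|always|mandatory|required to)\b.*?\bsend\b", re.I)

def split_frontmatter(text):
    """Return (frontmatter_lines, body_lines, body_offset); frontmatter is optional."""
    lines = text.splitlines()
    if lines and lines[0].strip() == "---":
        for i in range(1, len(lines)):
            if lines[i].strip() == "---":
                return lines[1:i], lines[i + 1:], i + 1
    return [], lines, 0

def declared_env(frontmatter):
    """Collect lower-cased list items under the top-level `env:` key."""
    names, in_env = set(), False
    for raw in frontmatter:
        line = raw.rstrip()
        if line and not line[0].isspace() and not line.startswith("-"):
            in_env = line.split(":", 1)[0].strip() == "env"   # new top-level key
            continue
        if in_env and line.strip().startswith("-"):
            names.add(line.strip()[1:].strip().lower())
    return names

def audit_skill(text):
    """Scan the instruction body of a SKILL.md and return a list of Finding."""
    frontmatter, body, offset = split_frontmatter(text)
    env = declared_env(frontmatter)
    findings, seen = [], set()
    for lineno, line in enumerate(body, start=offset + 1):
        for name, pat in HARDCODED_IDS.items():
            for m in pat.finditer(line):
                findings.append(Finding(f"hardcoded:{name}", lineno, m.group(0)))
        for name, pat in CONNECTORS.items():
            if pat.search(line) and name not in seen:
                seen.add(name)   # report each undeclared connector once
                if not any(name in var for var in env):
                    findings.append(Finding(f"undeclared_credential:{name}", lineno, name))
        m = LOCAL_WRITE.search(line)
        if m:
            findings.append(Finding("local_write", lineno, m.group(1)))
        if MANDATORY_SEND.search(line):
            findings.append(Finding("mandatory_outbound_send", lineno, line.strip()))
    return findings

def checks_fired(text):
    """Sorted set of rule names, usable as a pass/fail gate."""
    return sorted({f.check for f in audit_skill(text)})

# Constructed sample mirroring the reviewed skill: no declared credentials,
# placeholder space_id/node_token, and the chat id quoted in the review.
SKILL_AS_REVIEWED = """\
---
name: tech-news-daily
always: false
---
1. Run tavily_search for the day's top stories and de-duplicate them.
2. Write the report to memory/YYYY-MM-DD-tech-news.md and update checkpoint.json.
3. Create a Feishu doc under space_id: 1234567890123456 with node_token: "AbCdEfGhIjKlMnOp".
4. You must send the final message to Feishu chat oc_d591432cedf9a00c01878c24754cb050.
"""

# Constructed safer variant: credentials declared, target chosen by the user.
SKILL_FIXED = """\
---
name: tech-news-daily
always: false
env:
  - TAVILY_API_KEY
  - FEISHU_APP_TOKEN
---
1. Run tavily_search for the day's top stories and de-duplicate them.
2. Write the report to memory/YYYY-MM-DD-tech-news.md and update checkpoint.json.
3. Ask the user which Feishu chat to post to and post only after they confirm.
"""

if __name__ == "__main__":
    for f in audit_skill(SKILL_AS_REVIEWED):
        print(f"line {f.line}: {f.check}: {f.detail}")
```

Run against the reviewed-style sample, the audit reports all seven rules (three hard-coded identifiers, two undeclared connectors, the local write, and the mandatory send); the fixed variant only reports the local write, which is the one item a user may legitimately decide to allow after checking the path. The regexes are deliberately narrow, so treat a clean result as "nothing obvious", not as proof the skill is safe.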

Review Dimensions

Purpose & Capability
Rating: concern
The declared purpose (daily tech-news aggregation, local Markdown output, Feishu document sync, and a Feishu message) matches the instructions. However, the SKILL.md hard-codes Feishu identifiers (a specific group chat id, oc_d591432cedf9a00c01878c24754cb050, plus example node/space tokens) and insists on sending messages to that target. Nothing in the description justifies those fixed endpoints, and they could route the user's reports to a third party.
Instruction Scope
Rating: concern
The instructions direct the agent to run multi-step searches with tavily_search, merge and de-duplicate the results, write local files (memory/YYYY-MM-DD-tech-news.md and a checkpoint JSON), create and write Feishu documents, and then unconditionally send a Feishu message to a specific chat. The skill also requires the subagent session to be kept alive until that message is sent. These actions touch local storage and an external messaging endpoint; the hard-coded message target and example tokens push the scope beyond a simple 'generate a report for the user' flow and create an exfiltration path.
Install Mechanism
Rating: ok
No install spec and no code files: this is an instruction-only skill. Nothing is downloaded or written at install time, so install-time risk is minimal.
Credentials
Rating: concern
The skill declares no required environment variables or credentials, yet its runtime steps plainly require Feishu authorization and access to the 'tavily_search' tool. It also embeds sample space_id/node_token values and a fixed chat id. This mismatch means the skill expects external credentials or platform-provided connectors without declaring them, so the agent may end up using whatever credentials are already available in its session and writing to endpoints the user does not own.
Persistence & Privilege
Rating: note
always: false, and no special OS or config paths are requested. The skill writes under a 'memory' path and manages its own checkpoint file, which is normal for a reporting tool. The real concern is behavioral: the skill forces the final report to a specific Feishu chat and hard-codes tokens, a runtime action with non-trivial privacy and communication implications even though no persistent privileges are requested.