Skill v0.3.0

ClawScan security

科技新闻日报 (Tech News Daily) · ClawHub's context-aware review of the skill's artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 19, 2026, 12:31 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior (search, de-duplicate, write local markdown, create and post Feishu docs) matches its description. However, the instructions implicitly require Feishu credentials or tokens, and the reference file even contains specific token values, while the skill declares no required credentials. That mismatch and the presence of hard-coded tokens are the main concerns.
Guidance
This skill appears to do what it says (collect and organize tech news and sync it to Feishu), but it has inconsistencies you should resolve before installing:
1) Confirm how Feishu authentication is provided. The SKILL.md expects owner_open_id, folder_token/space_id and the ability to post to groups, but the skill declares no required credentials. Do not supply global or high-privilege tokens blindly.
2) The references file contains hard-coded space_id, node_token and owner_open_id values. Verify that these belong to you or are placeholders; hard-coded tokens can leak access.
3) Ask the author which credentials the agent or platform will use for Tavily and Feishu operations, and whether those credentials are scoped (least privilege) to only creating docs and posting messages.
4) Confirm what 'memory/YYYY-MM-DD...' maps to on your agent: where files are written, how long they are retained, and who can read them.
5) If you cannot verify ownership of and intent behind the Feishu tokens and required permissions, avoid installing or using the skill, or replace the tokens with your own scoped credentials.
Providing these clarifications would raise confidence and could make the skill benign.
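The checks in points 1 and 2, and the Credentials dimension below, reduce to one mechanical test: does the bundle carry access-bearing identifiers that no declared credential requirement accounts for? The lint below is an added example, not ClawHub's scanner and not code from the skill. It assumes a SKILL.md with YAML frontmatter that lists required environment names under `requires.env`, treats the key names the review mentions (space_id, node_token, owner_open_id, folder_token) as access-bearing, and skips values that are obvious placeholders. The sample bundle and every identifier value in it are constructed.

```python
"""Lint a skill bundle for hard-coded access identifiers that are not covered
by a declared credential requirement. Added example; the manifest layout
(YAML frontmatter with requires.env) and key names are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample bundle: file path -> contents. The identifier values are
# invented and only shaped like real ones.
SAMPLE_SKILL = {
    "SKILL.md": (
        "---\n"
        "name: tech-news-daily\n"
        "requires:\n"
        "  env: []\n"
        "---\n"
        "Create a Feishu doc under the folder_token and post a summary to the group.\n"
    ),
    "references/feishu.md": (
        "space_id: 7123456789012345678\n"
        "node_token: wikcnAbCdEfGhIjKlMnOpQrStUv\n"
        "owner_open_id: ou_0123456789abcdef0123456789abcdef\n"
        "folder_token: <your-folder-token>\n"
    ),
}

# Exact keys and suffixes that name credentials or access-bearing identifiers (assumed list).
SENSITIVE_KEYS = {"space_id", "node_token", "owner_open_id", "folder_token", "app_id", "app_secret", "token"}
SENSITIVE_SUFFIXES = ("_token", "_secret", "_open_id", "_key")
# Values that are clearly placeholders rather than live identifiers.
PLACEHOLDER = re.compile(r"^(<[^>]*>|\$\{?[A-Z_][A-Z0-9_]*\}?|your[_-]|xxx+|todo|changeme)", re.I)
# `key: value` or `key = value` at the start of a line (YAML, .env, markdown lists).
KV = re.compile(r"^\s*-?\s*[\"']?(?P<key>[A-Za-z_][A-Za-z0-9_]*)[\"']?\s*[:=]\s*(?P<val>\S+)")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    key: str
    value: str


def is_sensitive(key: str) -> bool:
    k = key.lower()
    return k in SENSITIVE_KEYS or k.endswith(SENSITIVE_SUFFIXES)


def declared_env(skill_md: str) -> set[str]:
    """Names listed under `env:` in SKILL.md, inline (`env: [A, B]`) or as a dash list."""
    names: set[str] = set()
    lines = skill_md.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^\s*env:\s*(.*)$", line)
        if not m:
            continue
        rest = m.group(1).strip()
        if rest.startswith("["):
            names.update(x.strip(" '\"") for x in rest.strip("[]").split(",") if x.strip(" '\""))
        else:
            for nxt in lines[i + 1:]:
                dm = re.match(r"^\s*-\s*(\S+)", nxt)
                if not dm:
                    break
                names.add(dm.group(1).strip("'\""))
        break
    return names


def find_hardcoded(files: dict[str, str]) -> list[Finding]:
    """Every sensitive key whose value is not an obvious placeholder, across all files."""
    out: list[Finding] = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            m = KV.match(line)
            if not m or not is_sensitive(m.group("key")):
                continue
            val = m.group("val").strip("'\",")
            if not val or PLACEHOLDER.match(val):
                continue
            out.append(Finding(path, n, m.group("key"), val))
    return out


def assess(files: dict[str, str]) -> dict:
    """Flag the mismatch the review describes: live identifiers present, nothing declared."""
    env = declared_env(files.get("SKILL.md", ""))
    findings = find_hardcoded(files)
    return {"declared_env": sorted(env), "hardcoded": findings, "mismatch": bool(findings) and not env}


if __name__ == "__main__":
    report = assess(SAMPLE_SKILL)
    for f in report["hardcoded"]:
        print(f"{f.path}:{f.line}: hard-coded {f.key} = {f.value[:8]}...")
    print("declared env:", report["declared_env"] or "(none)")
    print("credential mismatch:", report["mismatch"])
```

On the sample bundle the lint reports space_id, node_token and owner_open_id from the references file, skips the `<your-folder-token>` placeholder, finds an empty `requires.env`, and therefore raises the mismatch. A `mismatch` of false is not a clean bill of health: a bundle that declares credentials and still ships live identifiers should be read as a token leak, which is why the findings are returned alongside the flag.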

Review Dimensions

Purpose & Capability
Concern: The name and description (daily tech news collection, Tavily search, writing a local file, syncing to Feishu) align with the instructions. However, the SKILL.md expects Feishu operations (create and write docs, send group messages) and references owner_open_id, folder_token and space_id, yet the skill declares no required environment variables or credentials. Asking for Feishu access is reasonable for the stated purpose; not declaring the credentials it needs is an inconsistency.
Instruction Scope
Concern: The instructions are specific and scoped to the task (search, merge, de-duplicate, score, generate a theme graph, write files, create a Feishu doc, send to a Feishu group). Concerns: (1) the references file contains apparently hard-coded tokens and IDs (space_id, node_token, owner_open_id), which may be sensitive or misleading if they belong to someone else; (2) the skill writes directly to a local 'memory/...' path and to checkpoint JSON files, which is expected for caching, but the agent's semantics and permissions for 'memory/' should be confirmed; (3) the SKILL.md implicitly relies on Feishu and messaging tooling without declaring or explaining the required authentication and consent.
Install Mechanism
OK: Instruction-only skill with no install spec and no code files, so install risk is minimal. No external downloads or package installs are requested.
Credentials
Concern: The skill performs actions that require credentials or permissions (create and write Feishu docs, post to a Feishu group, and possibly call Tavily), yet requires.env is empty. This is disproportionate: Feishu tokens, owner_open_id, folder_token or equivalent API credentials should be declared and supplied by the user. Hard-coded tokens in the references file are suspicious and may not be appropriate to reuse.
Persistence & Privilege
OK: always is false and the skill does not request to persist itself or modify other skills. It writes only to its own memory and checkpoint files, which is consistent with its function. Autonomous invocation is allowed (the platform default) but is not by itself a red flag here.