doc-export
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: doc-export
Version: 1.0.0
The skill 'doc-export' (SKILL.md) instructs the agent to move conversation summaries from a private workspace to a public-facing web directory (`/www/wwwroot/ucloud.demo.binyuli.top/`) to facilitate user downloads. This behavior is high-risk as it hardcodes a specific external domain (ucloud.demo.binyuli.top) and potentially exposes sensitive conversation data or secrets to the public internet. While the instructions include a cleanup step, the initial exposure and the use of a specific, non-generic endpoint are significant indicators of potential data exfiltration or insecure data handling.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A document may become publicly reachable on the internet, potentially exposing private conversation details, credentials, or configuration examples if they were included in the chat.
The skill instructs the agent to publish generated conversation-derived documents into a public web root and provide a public URL, but it does not specify access controls, redaction, or a final confirmation step before publication.
Copy the file to the nginx web directory: `/www/wwwroot/ucloud.demo.binyuli.top/` ... Download link format: `https://ucloud.demo.binyuli.top/<filename>`
Require explicit user approval before publishing, warn that the link is public, redact secrets, and use access controls or unguessable temporary links.
The agent may need elevated or server-specific filesystem authority, and a mistake could modify files in a live web directory.
The skill requires writing to absolute system/server paths, including a root-owned workspace path and an nginx web directory, while the metadata declares no required config paths, credentials, or environment requirements.
Save to the `/root/.openclaw/workspace/docs/` directory ... Copy the file to the nginx web directory: `/www/wwwroot/ucloud.demo.binyuli.top/`
Declare the required paths and permissions, make the web root configurable, restrict writes to a dedicated subdirectory, and confirm ownership before use.
Private information from the conversation may remain on disk indefinitely even after the public download file is cleaned up.
The skill intentionally keeps an archive copy of generated documents after the web copy is deleted, but does not define retention duration, cleanup controls, sensitivity filtering, or whether future tasks may access the archive.
Keep the original document under `/root/.openclaw/workspace/docs/` (as an archive)
Offer deletion of archived copies, set a retention policy, avoid storing secrets, and clearly tell the user what remains after cleanup.
