Skill v1.0.0

ClawScan security

Morning Meeting Bwm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 16, 2026, 6:36 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The skill's described behavior (reading and posting to Slack, delegating and executing tasks) requires Slack credentials and broader execution authority that are not declared or implemented in the package, creating an incoherence that warrants caution.

Guidance
This skill's description and instructions expect Slack read/write access and the ability to execute delegated tasks, but it does not declare how it will obtain Slack credentials or what exact actions 'execute tasks' entails. Before installing:
1) Confirm where Slack credentials will come from (platform connector vs env vars) and require least-privilege tokens scoped only to the #morningmeeting channel and message-posting.
2) Ask the skill author to declare required env vars (SLACK_TOKEN or connector details) and to document exactly which agent actions will be performed automatically.
3) Review and limit the agent's ability to perform arbitrary executions; prefer a sandbox or require human approval for non-trivial actions.
4) Verify log and storage locations (memory/meetings and tasks) and ensure sensitive content is handled appropriately (redaction, retention).
5) If you cannot verify credentials and execution controls, run this skill in an isolated account/workspace first.
These inconsistencies may be benign omissions, but they materially affect security and should be resolved before trusting the skill with real Slack data or live task execution.
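The checks above can be mechanised before installation. The following script is an added example, not ClawHub's scanner and not code from the Morning Meeting skill: it compares what a SKILL.md's instructions imply (Slack access, task execution, writes under the home workspace) against what the package declares, and separately reviews a bot token's granted Slack scopes against the minimum needed to read one channel and post summaries. The frontmatter layout (an `env:` list), the credential variable names, and the SAMPLE_SKILL_MD text are all assumptions constructed for the example; the real ClawHub manifest format may differ.

```python
"""Pre-install coherence check for an agent skill package (added example).

Not ClawHub's scanner or the Morning Meeting skill's own code. Assumed
(hypothetical) layout: SKILL.md starts with a frontmatter block whose `env:`
key lists the environment variables the skill declares it needs.
"""
import re
from dataclasses import dataclass

# Constructed sample SKILL.md mirroring the behaviour the review describes:
# it talks to Slack and executes tasks but declares no credentials at all.
SAMPLE_SKILL_MD = """---
name: morning-meeting
version: 1.0.0
env: []
---
Every morning read the #morningmeeting Slack channel, parse the transcript,
delegate action items to the named agents, execute any tasks agents can
handle immediately, and post a summary back to Slack. Write meeting notes to
~/.openclaw/workspace/memory/meetings and tasks to ~/.openclaw/workspace/tasks.
"""

# Variable names a skill might plausibly declare for a Slack credential (assumption).
SLACK_CREDENTIAL_VARS = {"SLACK_TOKEN", "SLACK_BOT_TOKEN", "SLACK_USER_TOKEN"}

# Bot scopes needed to read one public channel and post to it. Slack scopes are
# workspace-wide; restriction to #morningmeeting comes from inviting the bot
# into that channel only, so this set is the ceiling, not a per-channel grant.
REQUIRED_SLACK_SCOPES = {"channels:history", "chat:write"}


@dataclass(frozen=True)
class Finding:
    dimension: str
    severity: str  # "ok" | "note" | "concern", matching the scan page's labels
    detail: str


def parse_skill_md(text: str):
    """Return (declared env var names, instruction body) from a SKILL.md string."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return set(), text  # no frontmatter means nothing is declared
    front, body = m.group(1), m.group(2)
    inline = re.search(r"^env:\s*\[([^\]]*)\]\s*$", front, re.M)
    if inline:  # env: [A, B]
        declared = {v.strip() for v in inline.group(1).split(",") if v.strip()}
    else:  # env:\n  - A\n  - B
        block = re.search(r"^env:\s*\n((?:[ \t]+-.*\n?)*)", front, re.M)
        declared = set(re.findall(r"-\s*([A-Z][A-Z0-9_]*)", block.group(1))) if block else set()
    return declared, body


def check_skill(text: str):
    """Compare what the instructions imply against what the package declares."""
    declared, body = parse_skill_md(text)
    low = body.lower()
    findings = []

    talks_to_slack = "slack" in low
    if talks_to_slack and not (declared & SLACK_CREDENTIAL_VARS):
        findings.append(Finding("Credentials", "concern",
            "instructions require Slack access but no Slack credential variable is declared"))
    elif talks_to_slack:
        findings.append(Finding("Credentials", "ok",
            "Slack credential declared: " + ", ".join(sorted(declared & SLACK_CREDENTIAL_VARS))))

    if re.search(r"\bexecut(?:e|ing)\b.*\btasks?\b", low):
        findings.append(Finding("Instruction Scope", "note",
            "instructions permit executing tasks; require a sandbox or human approval"))

    # Paths under the home directory that the skill says it writes to.
    for path in sorted(set(re.findall(r"~/[\w/.-]*[\w/]", body))):
        findings.append(Finding("Persistence & Privilege", "note",
            f"writes persistent files under {path}"))
    return findings


def slack_scope_review(granted_scopes):
    """Least-privilege check on a bot token's granted scopes, e.g. the comma
    separated x-oauth-scopes header Slack returns on auth.test, split on commas.
    Returns (missing, excess) relative to REQUIRED_SLACK_SCOPES."""
    granted = set(granted_scopes)
    return sorted(REQUIRED_SLACK_SCOPES - granted), sorted(granted - REQUIRED_SLACK_SCOPES)


if __name__ == "__main__":
    for f in check_skill(SAMPLE_SKILL_MD):
        print(f"{f.severity:8} {f.dimension}: {f.detail}")
    # Constructed scope list as an over-privileged token might present it.
    print(slack_scope_review("channels:history,chat:write,chat:write.public,users:read".split(",")))
```

Run against the constructed sample, the script reproduces the page's Credentials concern and Instruction Scope note and lists both workspace paths; adding `env: [SLACK_BOT_TOKEN]` to the frontmatter turns the Credentials finding to ok. The scope review is deliberately conservative: anything beyond `channels:history` and `chat:write` (for instance `chat:write.public`, which lets the bot post to public channels it has not joined) is reported as excess for a skill that only needs one channel.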

Review Dimensions

Purpose & Capability
concern: The name/description and SKILL.md consistently describe reading a Slack channel, delegating tasks, executing them, and posting summaries. However, the skill declares no required environment variables or credentials, yet reading from and posting to Slack requires authentication (tokens/keys). This mismatch suggests missing declarations or unstated assumptions about where credentials come from.
Instruction Scope
note: SKILL.md directs the agent to read #morningmeeting, parse transcripts, delegate to many named AI agents, execute tasks agents can handle immediately, and write meeting/task memory under ~/.openclaw/workspace. Those instructions are broad (especially 'execute any tasks agents can handle immediately') and leave critical implementation details (how Slack is accessed, what delegated agents may run) unspecified, giving the agent wide discretion at runtime.
Install Mechanism
ok: No install spec is present and the only code file is a small bash helper that creates directories and writes a log message. There is no archive download or third-party package install, so on-disk changes are minimal and visible.
Credentials
concern: The skill requires reading from and posting to Slack channels but lists no environment variables or primary credential. It also writes persistent files under the user's home workspace. Either the skill expects platform-provided credentials (not documented) or it will rely on ambient credentials that could be broader than necessary; both are disproportionate to the stated purpose and undocumented.
Persistence & Privilege
note: The skill does not request 'always: true' and does not modify other skills. It creates files/logs under ~/.openclaw/workspace, which is a reasonable local memory location. However, because autonomous invocation is allowed and the instructions permit executing tasks, this combination increases the operational blast radius if the agent obtains Slack access or other privileges.