Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Twitter Daily Digest
v1.0.0
Batch-fetches and organizes the updates posted in the last 24 hours by all Twitter/X accounts the user follows. This skill should be triggered whenever the user mentions "daily tweet digest", "today's tweets", "what have the people I follow posted recently", "Twitter digest", "推特日报" (Twitter daily report), "help me check Twitter", or "scroll Twitter", or asks to see the recent activity of one or more specified X accounts. By default it outputs a consolidated Chinese-language body; if testing is needed...
⭐ 0 · 69 · 1 current · 1 all-time
by sycamore@ceylonlatte
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the implementation: the script calls a local twitter CLI to fetch tweets and can push prepared Markdown to Notion. Requiring the twitter CLI and optionally a Notion key is coherent. However, the SKILL.md and script hard-code a Notion parent page ID/URL (DEFAULT_NOTION_PARENT_PAGE_ID), which is unusual: a sync target is typically user-specified rather than baked into the skill.
Instruction Scope
SKILL.md keeps a clear division: the script collects objective JSON and (optionally) writes Markdown to Notion; the agent performs subjective summarization and Telegram delivery. The instructions reference and read specific local paths (~/.config/notion/api_key, fixed install and run paths, /tmp output, and ~/Desktop output). Those file reads/writes are within the stated purpose but are prescriptive (fixed paths) and require the agent to access user disk and a Notion key file.
Install Mechanism
There is no install spec (instruction-only skill) and one bundled script is provided. No remote download or package installation is performed by the skill bundle itself. Risk comes from the script being executed on the host (it runs subprocesses and makes network calls), but the mechanism itself is not an external download of arbitrary code.
Credentials
The skill does not declare required environment variables in metadata, yet SKILL.md and the script rely on: TWITTER_BIN (or twitter on PATH), optional TWITTER_PROXY, and a Notion API key file at ~/.config/notion/api_key. Most notably, the script contains a hard-coded Notion parent page ID/URL — meaning unless you change configuration, the skill will attempt to create pages under that specific ID. That raises risk of unintended data transfer to an external Notion location if you share or misconfigure your integration. The number and types of credentials requested (Notion API key) are proportionate to Notion sync, but the default target being a specific page owned by someone else is suspicious.
Persistence & Privilege
The skill is not always-enabled and has no special persistence flags. It does write files to paths described in SKILL.md and expects to be placed under ~/.openclaw/shared-skills/, but it does not request system-wide privileges or modify other skills' configs.
What to consider before installing
Before installing or running:
1) Inspect the script (scripts/fetch_digest.py) yourself — it executes the twitter CLI and makes HTTP calls to Notion.
2) Pay attention to the hard-coded DEFAULT_NOTION_PARENT_PAGE_ID/URL: if you run the Notion sync without changing the parent ID, your content may be posted to that page; replace the default with a page you control or omit Notion sync.
3) The skill expects a Notion API key file at ~/.config/notion/api_key — only place a key there if you want this skill to be able to post to Notion.
4) Run the script in --json-only mode first to inspect the raw output and to confirm no unexpected network destinations are contacted.
5) If you use Notion sync, consider creating a dedicated Notion integration and parent page for this skill (do not share unknown external pages), and review network traffic or use an isolated environment.
6) If you are uncomfortable with hard-coded sync targets or automatic uploads, decline Notion syncing and use the JSON output locally for agent summarization.
latest: vk971bdq24gt33fv0pstamaeea583nrsq
