Skill v1.0.1

ClawScan security

Claws Daily · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 7, 2026, 9:58 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions broadly match a daily-news brief, but there are inconsistencies (undeclared environment/config requirements, filesystem and scheduling assumptions, and a hardcoded service domain) that merit caution before installing.
Guidance
Before installing, be aware that:
- The SKILL.md expects to read and write {baseDir}/metadata.json and export those values into the agent session, but the registry metadata does not declare these environment/config requirements. Ask the publisher to clarify the required env vars and file access.
- The skill will make unauthenticated HTTP calls to the domain in metadata.json (xiaoxia.weishiwujing.com by default). Verify that service's trustworthiness and whether any network access or sensitive data might be sent there.
- The skill assumes filesystem access under $HOME/.openclaw/workspace/skills/claws_daily and will create/verify a Heartbeat schedule (persistent behavior). To limit risk, run it in a sandboxed environment or restrict its file/network permissions.
- PROFILE may include personal preference text; avoid putting secrets or sensitive identifiers there. Confirm how PROFILE is stored and who can read metadata.json.
- Ask the author to update the registry metadata to declare required env vars/config paths and to document exactly how Heartbeat registration works and which platform APIs it uses. If you cannot verify those, treat this skill as higher-risk and prefer a reviewed or better-documented alternative.

Review Dimensions

Purpose & Capability
concern · The skill claims to be a daily-news briefer, which matches its workflow and API calls; however, the registry metadata lists no required environment variables or config paths while the SKILL.md and install.md clearly expect and manage env params (SHENME_DOMAIN, SHENME_FETCH_LIMIT, PROFILE, INTEREST_LABELS, LANGUAGE) and a local skill directory. The omission in declared requirements is an inconsistency.

Instruction Scope
concern · Runtime instructions tell the agent to read and write {baseDir}/metadata.json, export those values into the session environment, check/write files under $HOME/.openclaw/workspace/skills/claws_daily, and create/maintain an OpenClaw Heartbeat schedule. These file- and scheduling-related actions go beyond a purely stateless "generate text" skill and are not reflected in the registry metadata.

Install Mechanism
ok · No install spec or remote downloads are present (instruction-only). No code is written by the skill installer itself and there are no external archive downloads, so install-time code-execution risk is low.

Credentials
concern · The skill does not request secrets, but it expects environment/config parameters (including PROFILE, which may contain personal preference text) and will export them into the session. The registry lists no required env vars; this mismatch reduces transparency. The default domain (xiaoxia.weishiwujing.com) is embedded in metadata.json and will be contacted; no authentication is declared.

Persistence & Privilege
note · always: false (good). The skill instructs creating a recurring Heartbeat (two scheduled triggers per day) and writing metadata.json back to disk. Scheduling and local file writes are persistent behaviors but do not request elevated platform-wide privileges in the manifest; confirm where Heartbeat registration is performed and what platform permissions are needed.
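The Guidance list and the Purpose & Capability, Instruction Scope and Credentials dimensions above all turn on one mismatch: what SKILL.md instructs the agent to do versus what the registry entry declares. The following is an added example, not ClawHub's scanner and not code from the skill: a small pre-install audit that pulls env var references, file paths, network hosts and scheduling instructions out of a SKILL.md plus its bundled metadata.json and diffs them against the registry declarations. The registry entry shape (`env`, `config_paths` keys), the SKILL.md excerpt and the metadata.json contents are constructed for the example to mirror the behaviors the review describes; they are not the actual artifact, and the real ClawHub schemas may differ.

```python
"""Pre-install audit for an instruction-only agent skill (added example).

Cross-checks what a SKILL.md tells the agent to do against what the registry
entry declares. Registry shape, SKILL.md text and metadata.json below are
constructed inputs, not the real ClawHub artifact.
"""
import json
import re
from dataclasses import dataclass, field

# Constructed registry entry: declares no env vars and no config paths (assumed shape).
REGISTRY_ENTRY = {
    "name": "claws_daily",
    "version": "1.0.1",
    "always": False,
    "env": [],
    "config_paths": [],
}

# Constructed SKILL.md excerpt modelled on the behaviours the review lists.
SKILL_MD = """\
1. Read {baseDir}/metadata.json and export its keys into the session:
   export SHENME_DOMAIN=$(jq -r .domain {baseDir}/metadata.json)
   export SHENME_FETCH_LIMIT=$(jq -r .fetch_limit {baseDir}/metadata.json)
   export PROFILE=$(jq -r .profile {baseDir}/metadata.json)
2. Fetch headlines: curl -s "https://${SHENME_DOMAIN}/brief?limit=${SHENME_FETCH_LIMIT}"
3. Filter by $INTEREST_LABELS and write the brief in $LANGUAGE.
4. Ensure a Heartbeat runs this skill at 08:00 and 18:00; write state to
   $HOME/.openclaw/workspace/skills/claws_daily/state.json
"""

# Constructed metadata.json bundled with the skill (holds the default domain).
METADATA_JSON = """{"domain": "xiaoxia.weishiwujing.com", "fetch_limit": 20,
 "profile": "", "interest_labels": ["security"], "language": "en"}"""

ENV_REF = re.compile(r"\$\{?([A-Z_][A-Z0-9_]*)\}?")          # $VAR or ${VAR}
EXPORT_REF = re.compile(r"\bexport\s+([A-Z_][A-Z0-9_]*)=")    # export VAR=...
PATH_REF = re.compile(r"(?:\$HOME|~|\{baseDir\})/[\w./{}-]+")  # paths the skill touches
URL_HOST = re.compile(r"https?://([^/\s\"']+)")               # literal URL hosts
HOSTNAME = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")        # bare hostname value
SCHEDULE = re.compile(r"\b(heartbeat|cron|schedule)\b", re.IGNORECASE)


@dataclass
class Findings:
    undeclared_env: set = field(default_factory=set)
    undeclared_paths: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    persistent: bool = False


def _string_values(obj):
    """Yield every string leaf of a parsed JSON document."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _string_values(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _string_values(v)


def audit_skill(registry, skill_md, metadata_json):
    """Diff SKILL.md behaviour against the registry's declared requirements."""
    f = Findings()
    declared_env = set(registry.get("env", []))
    used_env = set(ENV_REF.findall(skill_md)) | set(EXPORT_REF.findall(skill_md))
    used_env.discard("HOME")  # platform variable, not a skill requirement
    f.undeclared_env = used_env - declared_env

    declared_paths = set(registry.get("config_paths", []))
    f.undeclared_paths = set(PATH_REF.findall(skill_md)) - declared_paths

    # Hosts: literal URL hosts in SKILL.md plus hostname-shaped values in
    # metadata.json. A host written as ${VAR} is resolved from metadata, which
    # is exactly how an embedded default domain hides from a quick read.
    f.hosts = {h for h in URL_HOST.findall(skill_md) if HOSTNAME.match(h)}
    f.hosts |= {v for v in _string_values(json.loads(metadata_json)) if HOSTNAME.match(v)}

    f.persistent = bool(SCHEDULE.search(skill_md))
    return f


def concerns(f):
    """Render findings as the concern lines a reviewer would raise."""
    out = []
    if f.undeclared_env:
        out.append("undeclared env: " + ", ".join(sorted(f.undeclared_env)))
    if f.undeclared_paths:
        out.append("undeclared paths: " + ", ".join(sorted(f.undeclared_paths)))
    if f.hosts:
        out.append("network hosts contacted: " + ", ".join(sorted(f.hosts)))
    if f.persistent:
        out.append("persistent scheduling instructions present")
    return out


if __name__ == "__main__":
    for line in concerns(audit_skill(REGISTRY_ENTRY, SKILL_MD, METADATA_JSON)):
        print("concern:", line)
```

Run it against a real artifact by swapping in the registry entry, SKILL.md and metadata.json you downloaded; once the author declares the five env vars and the config paths, `undeclared_env` and `undeclared_paths` come back empty while the host and scheduling findings remain, which is the residual risk the Guidance list asks you to sandbox. The patterns are deliberately coarse (they catch `$VAR`, `${VAR}` and `export VAR=` forms and `$HOME`, `~` and `{baseDir}` paths), so a SKILL.md that reaches config through some other mechanism still needs a manual read.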