v1.0.0

Logistics Tracker

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:29 AM.

Analysis

The skill fits its logistics purpose, but it can use shipping and email credentials, read order data, persist customer shipment details, and send real customer or Discord notifications automatically.

Guidance: Review this carefully before installing. Run it in dry-run mode first, declare and scope the 17Track and SMTP credentials, verify the sibling order-tracker and imap-smtp-email skills, replace the hard-coded Wilson paths and recipients, restrict cron scheduling, and confirm exactly which customer emails and alert channels will receive notifications.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Customer email notifications: shipped + delivered pushed by default ... Run one full scheduling cycle (query + status update + notification + anomaly detection) node scripts/scheduler.js

The default scheduler path is live and includes notifications, so invoking it can send customer emails and update shipment state, not just read data.

User impact: A normal run or cron job could contact customers automatically if the shipment data contains customer email addresses.
Recommendation: Run in dry-run mode first, review recipient lists and templates, and require human approval or an allowlist before enabling live customer notifications.

Unexpected Code Execution
Severity: Low | Confidence: Medium | Status: Note
scripts/customer-notify.js
const { execFileSync } = require('child_process'); ... const SMTP_SCRIPT = path.resolve(__dirname, '../../imap-smtp-email/scripts/smtp.js');

The notifier uses a child process and a sibling SMTP skill script; this is related to the stated email function but increases the code path that can send messages.

User impact: Email delivery depends on another local script, so the notifier's behavior and permissions also depend on that sibling skill.
Recommendation: Review the imap-smtp-email skill and prefer a bounded API call or a well-documented helper interface if one is available.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Suggested cron schedule ... run one full scheduling cycle every 6 hours ... 0 */6 * * * cd /Users/wilson/.openclaw/workspace/skills/logistics-tracker && node scripts/scheduler.js

The artifacts suggest persistent cron execution, but it is presented as a user-directed setup step rather than hidden persistence.

User impact: If enabled, the skill keeps running on a schedule and repeatedly queries APIs, updates local state, and sends notifications.
Recommendation: Enable the cron entry only after testing, monitor logs and API quota use, and disable the schedule when the tracker is no longer needed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
config/logistics-config.json
"api_key_env": "TRACK17_API_KEY", "headers": { "Content-Type": "application/json", "17token": "${TRACK17_API_KEY}" }

The config expects a 17Track API credential, while the registry metadata declares no required env vars or primary credential.

User impact: A user may not realize that the skill needs delegated access to a shipping API and to an email-sending account before enabling it.
Recommendation: Declare the required credentials and scopes explicitly, and keep the 17Track and SMTP credentials limited to the minimum accounts needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Concern
config/logistics-config.json
"alert_channels": { "primary": "discord", "secondary": "email", "email_recipient": "wilson" }, "no_update": "⚠️ 运单 {tracking_number}(客户 {customer_name})已 {days} 天无物流更新"

Anomaly alerts can include tracking numbers and customer names and are routed to Discord/email, but the destination identity and credential boundary are not declared in metadata.

User impact: Customer shipment details could be sent to an unintended Discord channel or email recipient if the configuration is not reviewed.
Recommendation: Set explicit, user-owned alert destinations, remove hard-coded personal recipients, and avoid including unnecessary customer data in alerts.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/customer-notify.js
const NOTIFY_HISTORY_PATH = path.resolve(__dirname, '../data/notification-history.json'); ... Structure: { [trackingNumber]: { events: [ { eventId, eventType, sentAt, recipient } ] } }

The skill persistently stores notification history tied to tracking numbers and recipients.

User impact: Local files may accumulate customer email addresses, order references, tracking numbers, and notification records.
Recommendation: Protect the data directory, define retention rules, and avoid reusing these records outside logistics workflows.