Skill v1.5.0

ClawScan security

码虫日报补课系统 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 1:45 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly does what its name says (detect/generate missing daily reports), but there are several incoherent choices (hard-coded user paths, writing into another agent's reflections file, and intentionally masked exit codes) that make its behavior surprising and warrant caution.
Guidance
This skill appears to implement report detection/generation as advertised, but there are notable surprises you should consider before installing:

- Hard-coded absolute paths: The scripts assume /home/colbert/.openclaw/workspace-coding-advisor (and related paths). If you are not the user 'colbert', the code will either fail or attempt to create/modify files under /home/colbert, which may be unintended or require elevated permissions. Before running, edit the WORKSPACE and path constants to point to the correct workspace for your environment.
- Cross-agent file writes: The skill appends events to ~/hermes-agent/reflections.md (hermes_reflect). That modifies a different agent's artifact without declaring it. If you run multiple agents or have a Hermes agent, confirm you want these reflections written there, or remove/redirect that behavior.
- Masked exit codes: Both check_quality.py and catch-up.py intentionally default to returning exit code 0 unless special flags are provided. This will hide failures from automation pipelines. Use the provided flags (--check-only, --detect, --quiet) to get real exit codes, or modify the scripts if you want honest failure signals.
- File writes: The skill will create/overwrite INDEX.md, report files (YYYY-MM-DD.md), logs, and a .catch-up-state file in the workspace. Back up important data before running and test in a safe/isolated workspace first.
- No network calls were found (no obvious exfiltration), but the absence of a scan finding doesn't guarantee safety. Read the code, run it in a sandbox, and update paths/behavior to match your environment before granting it regular use.

Practical steps: run the scripts in --detect/--check-only mode first; inspect what files would be created; change the WORKSPACES constants to your paths; remove or control hermes_reflect if you don't want cross-agent writes; and consider running inside a throwaway workspace to validate behavior.

Review Dimensions

Purpose & Capability
concern
Name/description claim is aligned with the code: scripts detect missing reports, generate catch-up reports, update an INDEX, and render dashboards. However, the code is tightly bound to a specific absolute workspace (/home/colbert/.openclaw/workspace-coding-advisor) and to a Hermes reflections path in the user's home (~/hermes-agent/reflections.md). A general-purpose 'daily report catch-up' skill should not hardcode a specific user's home path or another agent's reflection file; this is an odd design choice and reduces portability and safety.
Instruction Scope
concern
SKILL.md and the scripts instruct the agent to read and write local files (reports, INDEX.md, logs, state), which is expected. Concerning points: (1) hermes_reflect() appends events to ~/hermes-agent/reflections.md, writing into what appears to be another agent's file (cross-agent modification); (2) SKILL.md and catch-up.sh recommend using absolute paths to avoid exec precheck issues, reinforcing reliance on absolute filesystem locations; (3) the quality checker and catch-up scripts intentionally mask non-zero exit codes by default (they return 0 unless flags are used). These broaden the scope beyond simple detection/generation and can hide failure conditions from automation.
Install Mechanism
ok
There is no install spec in the registry metadata (instruction-only). The package includes code files to be placed on disk when the skill is installed, but no remote downloads or package manager steps are present in the manifest.
Credentials
concern
The skill declares no environment variables, which matches the metadata, but it performs file I/O to hard-coded absolute paths under /home/colbert and to Path.home()/hermes-agent. That is disproportionate for a generic skill (it implicitly assumes a particular user's file layout). It also modifies files outside its own skill directory (logs, state, INDEX, and the Hermes reflections file). No API keys or network credentials are requested, and no network calls are present, which is good, but cross-agent file writes and hardcoded user paths are unexpected and risky.
Persistence & Privilege
note
The skill is not marked always:true and does not request elevated platform privileges. It does, however, write persistent files (logs, state, INDEX updates, generated reports) into user directories and into a Hermes reflections file. While writing its own state/logs is normal, writing into another agent's reflections file is a form of cross-skill persistence that should be deliberate and explicitly authorized.