ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

daily-report-bian

v1.0.2

自动生成并在指定时间通过飞书推送每日研究进展报告,内容涵盖今日进展、延续项目、明日计划及系统状态,字数不超1000字。

0· 171·0 current·0 all-time
by@databian
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim to generate and push daily reports; the code reads session JSONL and recent memory files and writes an appended report — this aligns with the stated purpose. However the skill reads agent session storage (/root/.openclaw/agents/main/sessions) and workspace memory (/root/.openclaw/workspace/memory), which are broader OS paths than a purely 'report formatting' task and may contain unrelated or sensitive conversations. That access is plausible for this feature but worth noting.
!
Instruction Scope
SKILL.md explicitly directs reading today's session JSONL and recent memory files and appending the generated report to memory files — these steps are within a report generator's scope. But the instructions promise pushing to Feishu without explaining how authentication is obtained. The code references platform-specific paths and includes child_process.execSync (imported at top), which gives the script the ability to run arbitrary shell commands at runtime; the SKILL.md does not document what external commands will be invoked. The combination of file reads, file writes, and possible shell execution increases risk if not audited.
Install Mechanism
The skill is instruction-only with no install spec; generate.js and supporting files are included in the skill bundle. No network downloads or package installs are performed during install, which minimizes install-time risk.
!
Credentials
The skill claims to push messages via Feishu but declares no required environment variables or credentials. There's no visible Feishu app ID/secret or token in the manifest. This is inconsistent: pushing to an external service normally requires credentials. Possible explanations: (a) it relies on platform-provided push infrastructure/credentials (not declared), (b) the remainder of generate.js (truncated in the review) contains credential handling or network calls, or (c) it executes external CLI commands to send messages (execSync). Because credentials and network-send behavior are not documented, it's unclear whether the skill will attempt to access or transmit sensitive agent session data externally, which is a privacy concern.
Persistence & Privilege
The skill does not request always:true and has no install hooks modifying other skills or system-wide settings. Autonomous invocation is allowed (platform default). It writes to its own memory files (appending generated reports), which is expected. Note: autonomously reading agent sessions + sending externally (if it does) would increase blast radius, so autonomy combined with the other concerns is important to consider.
What to consider before installing
Before installing, review the remainder of generate.js (the truncated portion) to confirm how messages are sent to Feishu and where credentials come from. Specifically: 1) Verify there are no hardcoded tokens or remote upload endpoints; 2) Confirm whether the script uses platform-integrated push APIs (and that those are acceptable) or directly calls Feishu APIs (in which case it should require and document an API token); 3) Inspect any execSync usages to see what shell commands are run; 4) Consider the privacy implications of the skill reading /root/.openclaw/agents/.../sessions and the memory directory — these contain conversation history and may include sensitive content; 5) If you proceed, run the skill in a restricted environment or with read-only copies of the session/memory data until you verify its network behavior. If you can provide the full, untruncated generate.js (or point to the push/dispatch functions), I can give a higher-confidence assessment.
generate.js:186
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9779chde03k0at0vmtt8wb36982v1kz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments