target research
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated report may be copied to Google Drive automatically, which could expose confidential target-research work or business strategy if the user expected local-only output.
The skill makes a raw CLI cloud-copy command part of the default workflow. The command is scoped to the generated local report, but the artifact does not require an explicit user approval step before uploading.
Step 4.5: 上传 Google Drive — rclone copy 至 `gdrive:OpenClaw/靶点调研/`
Make Google Drive upload opt-in, ask for confirmation before running rclone, and provide a local-only mode.
The agent may use whichever Google Drive account is configured as `gdrive:` on the machine, creating or updating cloud files under that account.
Using an rclone Google Drive remote normally depends on an existing local authenticated profile, while the registry metadata declares no primary credential, environment variable, or config path. The affected account and permissions are therefore not made clear to the user.
Google Drive 上传: `rclone copy {本地文件} gdrive:OpenClaw/靶点调研/`Declare the rclone dependency and credential/config requirement, show which remote/account will be used, and require user confirmation before cloud upload.