Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily Shortdrama Report
v1.0.0每日短剧工作总结技能。用于生成精简的短剧/AI漫剧团队每日工作报告,包含工作量统计、对话次数/Token使用量、内容生产进度。触发词:日报、工作日报、每日总结、每日报告。
⭐ 0· 52·0 current·0 all-time
byEVspace@elevenzhou
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (generate a daily short‑drama team report including counts, token usage, progress) aligns with the instructions to collect token usage, daily production records, and target comparisons. Reading memory files and session token counts is coherent for this purpose.
Instruction Scope
The SKILL.md explicitly instructs the agent to call a session_status tool and to read memory/YYYY-MM-DD.md (today and yesterday) and memory/targets.md. These are concrete accesses to session metadata and user memory. However, the skill does not declare these as required config paths/tools or describe limits on what to read or how to sanitize sensitive content (e.g., personal data that may be in memory). It also asks to report 'called skills' which likely requires reading activity logs; the source/permissions for that are not explained.
Install Mechanism
Instruction-only skill with no install spec or code files. This minimizes code-install risk (nothing is downloaded or written by the skill itself).
Credentials
Metadata declares no required env vars or config paths, yet runtime instructions rely on session_status and memory files. That is a mismatch: the skill will access user/session data that is not declared. While no external credentials are requested, the skill still reads potentially sensitive internal data (session token counts and user memory).
Persistence & Privilege
always:false and no special persistence or system modifications. Autonomous invocation is allowed (default) but not combined with elevated privileges. No indication the skill modifies other skills or global agent settings.
What to consider before installing
This skill appears to do what it says (assemble a daily report), but it expects to read session token usage and read memory files (memory/YYYY-MM-DD.md and memory/targets.md) even though those accesses are not declared in the skill metadata. Before installing:
- Confirm whether your agent/platform exposes a session_status tool and a memory/ directory; this skill will try to read them.
- Inspect the contents of your memory files (or use test/dummy data) because the skill will read potentially sensitive team or personal data.
- Ask the skill author (or documentation) to explicitly declare required config paths/tools and to describe data-handling rules (what is read, retention, redaction).
- If you cannot confirm or restrict access to memory, avoid installing or run the skill in a limited/test environment first.
- Because the skill is instruction-only (no install), the code risk is low, but the privacy risk from reading agent memory/session state is real—treat it like granting read access to your agent's memory and session logs.Like a lobster shell, security has layers — review code before you run it.
dailyvk9799w53jxnaax3qzxj6gdmzjd83rqzglatestvk9799w53jxnaax3qzxj6gdmzjd83rqzgreportvk9799w53jxnaax3qzxj6gdmzjd83rqzg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.