Skill v1.0.0
ClawScan security
Design Daily Insights · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 13, 2026, 7:24 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly matches its stated purpose (scraping and summarizing design news) but contains a few mismatches and operational behaviors you should be aware of before installing: hard-coded user paths, required tools that the manifest does not declare, and instructions to expose a local server publicly.
- Guidance
- Before installing, consider these practical checks:
  - The skill assumes you have the openclaw CLI, git, optionally npx/vercel, and a way to run a local HTTP server; the registry metadata lists none of these. Install or confirm these tools if you plan to run it.
  - SKILL.md references an absolute path (/Users/Ellison/...). Edit the path to point to a directory on your machine (or the skill's workspace) so files are written where you expect.
  - The skill writes and updates memory/design-digest-state.json on the local filesystem and writes an HTML site; review that file location and its contents to confirm you are comfortable with the local read/write.
  - The instructions suggest exposing the local server via locaddr.run (a public tunnel). If you do this, the generated HTML and any scraped content become publicly accessible; skip the tunnel if you do not want public exposure.
  - setup-git.sh initializes a git repository and makes a commit if you run it; it does not push unless you add a remote yourself. Inspect scripts and run them by hand rather than trusting automated runs.
  - If anything is unclear (author identity, intended deploy path, or whether public tunneling is required), ask the author to correct the hard-coded paths and to document the required binaries in the manifest.
  - As a best practice, run the skill in a sandboxed environment (or a throwaway workspace) first to confirm its behavior and outputs.
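The checks above can be scripted before anything is run. The following is an added example written for this page; it is not ClawHub's scanner and not one of the skill's own files. It assumes a hypothetical layout of an unpacked skill (SKILL.md at the top level, helper scripts under scripts/), builds a constructed sample directory that mirrors what the review describes, and then greps it for hard-coded home paths, tunnel references, download-and-execute patterns, and git push, and reports which of the skill's expected tools are missing from PATH. The tunnel pattern also covers ngrok, cloudflared and localtunnel, which go beyond the single service named in the review.

```shell
#!/bin/sh
# Pre-install audit for an unpacked ClawHub skill directory.
# Added example for this page; not ClawHub's scanner and not part of the skill.
# Hypothetical layout assumed: SKILL.md at the top level, helper scripts under scripts/.
set -eu

# Count lines on stdin (portable replacement for wc -l without leading spaces).
count_lines() { n=0; while IFS= read -r line; do n=$((n + 1)); done; printf '%s\n' "$n"; }

# Hard-coded home directories (/Users/<name>/ or /home/<name>/) that belong to the author's machine.
find_hardcoded_home_paths() { grep -rnE '(/Users|/home)/[A-Za-z0-9._-]+/' "$1" || true; }

# References to public tunnel services: anything served behind them is reachable from the internet.
find_tunnel_refs() { grep -rnEi 'locaddr\.run|ngrok|cloudflared|localtunnel' "$1" || true; }

# Download-and-execute patterns (curl ... | sh) that would pull remote code at install time.
find_remote_exec() { grep -rnE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba)?sh' "$1" || true; }

# git push in helper scripts: content would leave the machine as soon as a remote exists.
find_git_push() { grep -rnE 'git[[:space:]]+push' "$1" || true; }

# Tools the skill expects but does not declare; print the ones absent from PATH.
missing_tools() { for t in "$@"; do command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"; done; }

# Run every content check on DIR, print the findings, and end with a machine-readable total.
# Usage: audit_skill_dir DIR [tool ...]   (missing tools are reported but not counted, since
# they depend on the installer's machine rather than on the skill's files)
audit_skill_dir() {
  dir=$1; shift
  total=0
  for check in find_hardcoded_home_paths find_tunnel_refs find_remote_exec find_git_push; do
    out=$("$check" "$dir")
    if [ -n "$out" ]; then
      printf '[%s]\n%s\n' "$check" "$out"
      total=$((total + $(printf '%s\n' "$out" | count_lines)))
    fi
  done
  missing=$(missing_tools "$@")
  [ -z "$missing" ] || printf '[missing_tools]\n%s\n' "$missing"
  printf 'total_findings=%s\n' "$total"
}

# Constructed sample skill mirroring what the review describes (not the real skill's files).
make_sample_skill() {
  d=$(mktemp -d)
  mkdir -p "$d/scripts"
  cat >"$d/SKILL.md" <<'EOF'
Render the digest to /Users/Ellison/.openclaw/workspace/design-daily-site/index.html
To share it, run a local HTTP server and expose it with locaddr.run.
EOF
  cat >"$d/scripts/setup-git.sh" <<'EOF'
#!/bin/sh
git init && git add -A && git commit -m "initial digest site"
EOF
  cat >"$d/scripts/cron-wrapper.sh" <<'EOF'
#!/bin/sh
"${OPENCLAW_BIN:-openclaw}" run design-digest
EOF
  printf '%s\n' "$d"
}

# Stand-alone demo: audit the sample against the tools the review says the skill needs.
sample=$(make_sample_skill)
audit_skill_dir "$sample" openclaw git npx vercel
rm -rf "$sample"
```

On the constructed sample the audit reports one hard-coded home path and one tunnel reference, no remote download-and-execute pattern and no git push, which matches the review's reading of the real files. Point `audit_skill_dir` at the actual unpacked skill (instead of the sample) and at the binaries it claims to need; anything listed under missing_tools is a requirement the manifest should have declared.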
Review Dimensions
- Purpose & Capability
- note: The skill's name/description (daily design news digest) aligns with its instructions to web_fetch/web_search, dedupe a memory file, generate bilingual summaries and render an HTML page. However, the manifest declares no required binaries/config paths while the SKILL.md and scripts clearly assume presence of tools (openclaw CLI, git, npx/vercel, and ability to run a local HTTP server / use locaddr.run). The mismatch between declared requirements (none) and expected runtime tools is an inconsistency that should be fixed or noted by the author.
- Instruction Scope
- concern: Runtime instructions read and write a local state file (memory/design-digest-state.json) and write an HTML page at a workspace path. SKILL.md contains an absolute path (/Users/Ellison/.openclaw/workspace/design-daily-site/index.html) which is specific to another user's environment and likely incorrect for new installers; this is a potentially confusing or risky hard-coded path. The skill also advises exposing a local HTTP server via locaddr.run (public tunnel), which will make scraped/aggregated content publicly accessible; users should be aware this publishes local output to an external service. Otherwise the instructions do not attempt to access unrelated secrets or system config.
- Install Mechanism
- ok: There is no automated install that downloads remote code; this is instruction-only with two small helper scripts. The included scripts (cron wrapper and git init/push helper) are simple and understandable. No remote download URLs or extract operations are present in the install files. Overall low install risk, but the scripts assume the user will run them and have git/openclaw available.
- Credentials
- note: The skill declares no required environment variables or credentials, and the instructions don't request API keys. That is proportionate to the described job. However the runtime uses the agent's OpenClaw session channels (e.g., sending to Feishu) and the README examples reference passing a session-key for cron; these rely on existing agent/session credentials (not requested by the skill). Also the scripts check the OPENCLAW_BIN env var as an override; this is reasonable but not declared. No secrets are explicitly requested or exfiltrated by the files provided.
- Persistence & Privilege
- ok: The skill is not force-included (always: false) and does not request elevated or global persistence. It reads/writes its own local state file and writes an output HTML under the workspace; this is consistent with its functionality. It does not modify other skills or system-wide settings.
