v1.0.0

Cybersecurity Intelligence Crawler

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:28 AM.

Analysis

The crawler’s purpose is plausible, but it uses undeclared credentials, references a missing runner that supposedly contains hardcoded secrets, and describes hourly cron-style background writes to IMA notes.

Guidance: Review this skill before installing. Ask for the missing run.sh and cron setup, remove any hardcoded credentials, avoid `run-parts /etc/cron.hourly`, provide only scoped IMA/MiniMax credentials, and confirm how to disable or remove the scheduled job.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
bash ~/.openclaw/workspace/skills/sec-news-crawler/scripts/run.sh ... Cron: runs `scripts/run.sh` at the top of every hour ... already hardcoded in `scripts/run.sh`

SKILL.md makes scripts/run.sh the main runner and says credentials are hardcoded there, but the provided file manifest does not include run.sh.

User impact: A user or agent may be instructed to run an unreviewed or missing helper script that could contain credential handling and scheduling behavior not visible in the submitted artifacts.
Recommendation: Do not run the referenced helper until the actual run.sh and cron setup are provided and reviewed; remove hardcoded credentials from helper scripts.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
| Manually trigger cron | `run-parts /etc/cron.hourly` (system-level) |

This command triggers all system hourly cron jobs, not just this crawler, making it broader than the skill’s stated task.

User impact: Running that command could execute unrelated system scheduled tasks and cause side effects outside the security-news crawler.
Recommendation: Use a scoped command that runs only this skill's crawler script, and avoid system-wide cron triggers from skill instructions.
Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Fetches the latest articles from multiple security-community RSS feeds every hour ... **Cron**: runs `scripts/run.sh` at the top of every hour

The artifacts describe recurring autonomous execution that writes to IMA notes, but do not provide a clear bounded install, disable, or cleanup mechanism.

User impact: The crawler could continue creating notes on a schedule after the immediate user request is finished.
Recommendation: Before enabling it, verify the exact crontab entry, log path, credential scope, and removal procedure.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/vuln_crawler.py
IMA_CLIENT_ID  = os.environ.get("IMA_OPENAPI_CLIENTID", "") ... MINIMAX_API_KEY = os.environ.get("MINIMAX_API_KEY", "") ... _cfg = os.path.join(..., "openclaw.json") ... "apiKey"

The code uses IMA credentials and can read a MiniMax provider API key from local OpenClaw configuration, even though the registry metadata declares no required credentials or env vars.

User impact: Installing or running the skill can give it access to create IMA notes and use a MiniMax API key that the user may not realize is being used.
Recommendation: Declare these credentials explicitly, avoid reading provider keys from local profile files unless the user opts in, and use scoped secret/environment-variable handling.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/crawler.py
lines.append(f"## {i}. {article['title']}") ... lines.append(f"- 摘要:{article['summary']}") ... doc_id = import_doc(content, note_title, folder_id)

External RSS titles and summaries are stored persistently in IMA notes.

User impact: If a feed item contains misleading or prompt-like text, that content could be saved into notes and later be reused by an agent as context.
Recommendation: Treat saved feed content as untrusted reference material, not instructions; consider sanitizing or labeling imported content.