Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Daily Report

v1.0.0

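Automatically generates and sends a daily AI news report. Use cases: the user says "生成 AI 日报" ("generate the AI daily report"), or the system triggers it through a scheduled task. Keywords include: AI日报 (AI daily report), AI资讯 (AI news), 开源AI项目 (open-source AI projects), 每日报告 (daily report).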

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name/description (daily AI report) matches what the scripts do: fetch RSS/GitHub, render SVG/PNG, and send via Feishu. However the registry metadata declares no required env vars or binaries while the code clearly expects GITHUB_TOKEN and FEISHU_CHAT_ID and depends on external tools (openclaw CLI, rsvg-convert/ImageMagick). That omission is an incoherence (likely sloppy packaging) but not by itself malicious.
! Instruction Scope
The SKILL.md and scripts instruct network calls (RSS feeds, GitHub API) and subprocess invocations. send_report.py calls the 'openclaw' CLI to upload and send files; this invokes an external agent-managed tool that could access agent-level credentials or other tooling. SKILL.md suggests storing GITHUB_TOKEN in ~/.openclaw/env (a system-level location) which implies reading system environment/config—this is not fully reflected in registry declarations. The skill does not instruct reading unrelated user files, but the ability to call the openclaw CLI broadens what the skill can do at runtime and is not documented as a required binary.
Install Mechanism
No install spec (instruction-only) and all code is included in the bundle: low install risk. But runtime depends on Python packages (feedparser, jinja2, optional googletrans/cairosvg), plus system binaries (rsvg-convert or ImageMagick) and the 'openclaw' CLI—none of which are declared in the registry metadata. The absence of declared runtime dependencies is a packaging/information gap to fix.
! Credentials
The code requires GITHUB_TOKEN (for GitHub Search API) and FEISHU_CHAT_ID (destination chat) though the registry lists no required env vars. GITHUB_TOKEN is reasonable for the GitHub API, but token scope matters — a token with broad repo or org scopes would be excessive for simple read-only search. FEISHU_CHAT_ID itself is not a secret but the upload/send flow relies on the agent's Feishu credentials (not declared) and could be used to exfiltrate generated content to an attacker-controlled chat if misconfigured.
Persistence & Privilege
always:false and default autonomous invocation are normal. The skill does not request persistent 'always' inclusion and does not modify other skills. Note: it invokes the 'openclaw' CLI which has platform-level reach; that increases blast radius only if the CLI has broad permissions.
What to consider before installing
Things to check before installing or enabling this skill:
- Confirm required environment variables and scopes: GITHUB_TOKEN (used for GitHub API) and FEISHU_CHAT_ID (where the PNG is sent). Make sure the GITHUB_TOKEN is read-only (minimal scopes) so it cannot be misused.
- Verify the agent environment provides the 'openclaw' CLI and understand what credentials that CLI uses (the scripts call 'openclaw tool feishu_doc' and 'openclaw tool message'). If the CLI uses global agent credentials, ensure those credentials are limited and trusted, because the skill will invoke that CLI to upload/send files.
- Ensure required runtime tools are present and acceptable: rsvg-convert or ImageMagick (system binary), and Python packages (feedparser, jinja2, optional googletrans/cairosvg). These are not declared in registry metadata—ask the publisher to update metadata.
- Review who published this skill (source is unknown). Prefer skills from known publishers or ask the author to provide a homepage and proper registry declarations (required env, required binaries, and minimal token scope guidance).
- Test in a sandboxed environment first and inspect where reports are sent (FEISHU_CHAT_ID). If you don't want automatic sending, run the pipeline locally and review outputs before enabling automated delivery.

If the publisher updates the registry to declare the env vars and binaries, documents the exact token scopes required, and identifies the source/homepage, this would reduce the concerns and could move the assessment to benign.

Like a lobster shell, security has layers — review code before you run it.
