express-monitor
Review
Audited by ClawScan on May 10, 2026.
Overview
This package-tracking skill is mostly aligned with its purpose, but it stores bound phone numbers in plain JSON while claiming encrypted storage, so users should review it before use.
Install only if you are comfortable with tracking numbers being sent to Kuaidi100 and phone/tracking data being stored locally in readable JSON. Do not rely on the advertised encrypted phone storage or Feishu/automatic monitoring claims unless the maintainer updates the implementation and documentation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user's phone number and package-tracking history may remain readable on disk by other local processes or anyone with access to the workspace.
Bound phone numbers are written to a persistent local JSON file with no encryption or access-control handling shown. The same script also persists tracking history under the OpenClaw workspace.
PHONE_FILE = os.path.join(DATA_DIR, "phones.json") ... json.dump(phones, f, ensure_ascii=False, indent=2)
Either implement real encryption and clear retention controls, or accurately disclose plaintext storage and provide an easy unbind/delete command.
Users may share a phone number believing it is encrypted when the provided implementation stores it in readable form.
The documentation promises encrypted storage for bound phone numbers, but the included code saves them directly with json.dump to phones.json.
- Phone number binding information is encrypted and stored separately
Correct the documentation or implement verifiable encryption before asking users to bind phone numbers.
The third-party tracking service receives the package tracking number being queried.
Tracking numbers are sent to Kuaidi100 endpoints for lookup. This is purpose-aligned and partially disclosed by the API/scraping notes, but it is still an external data flow.
url = 'https://m.kuaidi100.com/query' ... data = { 'type': company_code, 'postid': tracking_number }
Tell users explicitly which provider receives tracking numbers and prefer an official API if available.
The skill may fail or rely on whatever package version is already present in the environment.
The script depends on the requests package, but the skill has no install spec or dependency declaration.
import requests
Declare required Python dependencies and versions in the install metadata.
