Skillv1.0.0

ClawScan security

fund-monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 5:14 AM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The skill's fund-monitoring code matches its stated purpose, but it contains undeclared hard-coded Feishu credentials and scripts that read local files and automatically post reports to an external Feishu doc — a capability not disclosed in SKILL.md and therefore suspicious.
Guidance: This skill mostly does what it says (fetches fund data), but the package contains undeclared behaviour that posts reports to a Feishu document using hard-coded credentials. Before installing or running it: - Inspect and understand the hard-coded strings: DOC_TOKEN, APP_ID, APP_SECRET appear in append-fund.js and update-feishu.js. These allow the skill to authenticate to open.feishu.cn and append content to a remote doc. - Be aware scripts read local files (e.g., /Users/js/.openclaw/workspace/fund_data.json and ~/.openclaw/workspace/skills/fund-monitor). That could expose local data to the Feishu endpoint when run. - If you need Feishu integration, prefer replacing hard-coded credentials with environment variables you control, and limit the app's permissions; do not use the embedded secrets. - Do not run run-fund-report.sh or update scripts until you confirm what will be sent and to which account; run the fund-monitor scripts in a sandboxed environment first and inspect outputs. - Ask the publisher for clarification: why Feishu credentials are embedded, who owns the Feishu doc, and whether the behaviour should be documented in SKILL.md. - If you cannot verify the origin or purpose of the embedded credentials, avoid installing or executing the reporting scripts, and consider removing the remote-posting code or replacing credentials with your own securely stored values.

Review Dimensions

Purpose & Capability: concernThe Python scripts fetch fund data from expected public sources (eastmoney) which matches the skill description. However, multiple files (append-fund.js, update-feishu.js, run-fund-report.sh) implement automatic posting to a Feishu document using hard-coded DOC_TOKEN, APP_ID, and APP_SECRET. SKILL.md does not mention Feishu integration or automatic posting, so these external-reporting capabilities are undeclared and disproportionate to the stated usage examples.
Instruction Scope: concernSKILL.md shows only query and analysis commands and mentions '每日涨跌播报' but does not instruct the agent to read local files or push data to Feishu. The included scripts (append-fund.js, update-feishu.js, run-fund-report.sh) read local data (/Users/js/.openclaw/workspace/fund_data.json and workspace paths) and send parsed results to open.feishu.cn. That means data produced or present on the host may be transmitted to an external endpoint not described in the runtime instructions.
Install Mechanism: okThere is no network download/install step included (instruction-only with bundled code files). No external install URLs or archive extraction are used. The presence of multiple runnable scripts is expected for a skill with local reporting behavior.
Credentials: concernThe skill metadata declares no required environment variables or credentials, but the code embeds plaintext Feishu credentials (DOC_TOKEN, APP_ID, APP_SECRET) in both append-fund.js and update-feishu.js. Embedding credentials rather than declaring them as required env vars is inconsistent and risky. The scripts will use these credentials to authenticate to Feishu and append data to a remote document.
Persistence & Privilege: okThe skill is not configured with always:true and does not request elevated platform privileges. However, run-fund-report.sh and run_fund.sh are present and, if executed by the agent or scheduled externally, will cause automatic remote updates. Autonomous model invocation is allowed by default (not a specific issue unless combined with the other red flags).