Back to skill
Skillv1.0.0
ClawScan security
Custom Morning Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 23, 2026, 12:44 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (generate and push a morning brief) is plausible, but the runtime instructions reference reading local user files and calling external APIs and a fixed Feishu target without declaring required credentials or explaining scheduling — the pieces are inconsistent and could leak sensitive data.
- Guidance
- Before installing, verify and control where your data will be read from and sent. Questions to resolve: (1) Where are hot.md and USER.md stored and what sensitive data do they contain? (2) Which credentials (Feishu token, Tencent/tianji-data API key, search API keys) are required and who will supply them — update the skill to declare those env vars explicitly. (3) Why is the Feishu target hard-coded to ou_fd61d5…? If you install, replace the hard-coded recipient with a configurable target or require explicit consent per send. (4) Confirm how the scheduled automatic runs are triggered and require an opt-in. If you cannot verify the destination and required credentials, treat this skill as risky and do not grant agent access to USER.md or production credentials.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md describes generating and sending a morning brief to Feishu and pulling data from tianji-data, batch_web_search, hot.md, and USER.md. The registry metadata declares no required environment variables or credentials, yet the described functionality clearly needs API credentials (e.g., Tencent/tianji-data and Feishu) and access to local files. That mismatch (no declared creds/config despite needing them) is incoherent.
- Instruction Scope
- concernInstructions explicitly tell the agent to read local files (hot.md, USER.md) and call external data sources, then deliver the briefing to a specific Feishu channel/target (ou_fd61...). Reading a USER.md (likely containing holdings) and sending it offsite is sensitive behavior. The SKILL.md also mandates an automatic daily schedule but provides no safe guard, consent step, or mechanism for authentication — granting broad, under-specified scope.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files. That minimizes install-time risk (nothing downloaded or written during install).
- Credentials
- concernNo environment variables or credentials are declared, yet the skill needs Feishu messaging credentials and likely Tencent/API keys for tianji-data and possibly search APIs. Lack of declared primaryEnv or required secrets is disproportionate and hides the sensitive permissions the skill requires. The hard-coded Feishu target suggests messages will be delivered to a predetermined recipient regardless of the installer.
- Persistence & Privilege
- concernThe SKILL.md asks for an automated daily run (06:30 each trading day) and unconditional delivery to a specific Feishu target, but the skill metadata does not explain how scheduling or user consent is enforced. While always:false (it won't be force-included), the ability to autonomously send potentially sensitive data on a schedule is a notable privilege if the agent is allowed to invoke the skill without clear user approval.