柯南周报 (Conan Weekly Report)

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it says: search public web pages for Conan news, save a local weekly report, and optionally send it to a user-configured webhook.

This looks safe for its stated purpose. Before installing, decide whether you want the weekly cron job enabled and whether you trust any webhook URL you configure. If you do not need external delivery, leave REPORT_WEBHOOK_URL unset so reports stay local.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the skill will run automatically every week until the cron job is changed or disabled.

Why it was flagged

The skill documents a recurring scheduled task, meaning it can continue running weekly once the user creates the cron entry.

Skill content

openclaw cron add --name "柯南周报" --cron "0 21 * * 6" --tz "Asia/Shanghai" --system-event "柯南周报" --session "main"

Recommendation

Only add the cron schedule if you want ongoing weekly runs, and use the documented disable/edit commands if you no longer need it.

What this means

The generated report content may be sent to whichever webhook endpoint you configure.

Why it was flagged

The code can send the generated report to an external webhook URL if that environment variable is configured.

Skill content

const webhookUrl = process.env.REPORT_WEBHOOK_URL;
if (webhookUrl) {
  await sendViaWebhook(webhookUrl, report);
}

Recommendation

Use only trusted webhook URLs and avoid configuring a webhook if you want reports to remain local.

What this means

If you follow the README's npm install instructions, external npm packages may be installed.

Why it was flagged

The project declares npm dependencies while the registry install spec says no install spec is provided; the lockfile is present, so this is a metadata/provenance notice rather than a concrete unsafe behavior.

Skill content

"dependencies": { "node-fetch": "^2.7.0" },
"devDependencies": { "clawhub": "^0.7.0" }

Recommendation

Install from the ClawHub package where possible, and review package-lock/dependency changes before manual npm installation.