Skill v1.0.0

ClawScan security

Social Recruit Page · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 9:37 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly does what it claims (generate a recruitment poster and optionally send it to Feishu) but its runtime instructions and code try to read local OpenClaw config (credentials) without declaring those config paths or credentials — a proportion and scope mismatch that you should review before installing.
Guidance
This skill largely does what it says (renders an HTML poster and can post it to Feishu), but it will look for Feishu credentials in your home OpenClaw config (~/.openclaw/openclaw.json) or accept them on the CLI — and the registry metadata did not declare that config path or any required secrets. Before installing or running: (1) Inspect scripts/generate.py (especially the send_feishu() implementation) to confirm exactly which files and endpoints it accesses; (2) avoid storing unrelated credentials in ~/.openclaw/openclaw.json if you don't want them used by this skill; pass temporary credentials via CLI only when needed; (3) run the generator offline (without --send-feishu) first to verify output; (4) consider running in an isolated environment/container if you are concerned about inadvertent credential access or network exfiltration.

Review Dimensions

Purpose & Capability
note: Name/description match the included assets and script: the HTML template + Python script generate a black-gold recruitment long image and optionally send it to Feishu. Requesting Feishu App ID/Secret for sending is reasonable for that feature. However, the skill metadata declares no required config paths or environment variables while the SKILL.md and script refer to a local config (~/.openclaw/openclaw.json) and accept app-id/app-secret as CLI args — an inconsistency between declared requirements and actual behavior.
Instruction Scope
concern: SKILL.md explicitly documents a Feishu send flow and states the script will read token values from ~/.openclaw/openclaw.json (channels.feishu.appId/appSecret). The instructions also allow passing credentials on the CLI. Reading a user home config file that may contain credentials expands scope beyond simple image generation and is not declared in the registry metadata. The script uses subprocess, Playwright, and makes network calls (upload/send to Feishu and Google Fonts) — these are expected for rendering and posting, but the automatic reading of a local credentials file is scope creep that could expose unrelated secrets.
Install Mechanism
ok: No install spec — instruction-only with bundled script and template. This is lower risk than arbitrary downloads. Declared dependency on Playwright and curl is reasonable for HTML->image rendering and HTTP uploads.
Credentials
concern: The skill does not declare any required env vars or config paths in metadata, but the runtime path (~/.openclaw/openclaw.json) and CLI options (--app-id, --app-secret) indicate it will access credentials. Because the skill may read a global OpenClaw config file, it could obtain credentials for channels the user did not intend to share with this skill. The number/type of secrets accessed (app id / app secret / tokens in a home config) are plausible for Feishu sending, but their implicit access without declaration is disproportionate.
Persistence & Privilege
ok: always:false and no modification of other skills or system-wide settings are evident. The skill does not request permanent presence. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.