Skill v1.0.0
ClawScan security
CEO决策助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 25, 2026, 1:03 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior (scheduled jobs, persistent memory, Feishu integration, and model API keys) matches a CEO assistant, but the registry metadata omits required credentials and there are internal inconsistencies about required APIs/permissions — the mismatches merit caution before installing.
- Guidance
- Key points before installing:
  - The skill will require Feishu App ID and App Secret and model API keys (MiniMax and/or Qwen) to function, despite the registry listing claiming no required env vars. Do not assume no secrets are needed.
  - Confirm where memory files (MEMORY.md, memory/...) will be stored and who can access them; the skill permanently stores and reuses conversational data and preferences.
  - Review and approve the cron jobs (scheduled reports) and their delivery channel (Feishu); scheduled sends mean the skill will act autonomously on a timetable.
  - Verify the source: homepage is clawhub.ai but owner is an opaque ID and author shown as '帅哥' — if this is for a production environment, ask the author/maintainer for clarification and a signed manifest that lists required credentials and permissions explicitly.
  - Reconcile conflicting manifests: clawhub.json and listing.json disagree about model/API requirements; ask the publisher to fix the metadata so required credentials are declared clearly.
  - If you proceed, test in an isolated/non-production org account first (use a test Feishu app and non-sensitive data) to confirm behavior, storage locations, and that it only uses the permissions you expect.
- If you want, I can extract the precise lines where credentials/permissions are referenced and prepare a short checklist to present to the publisher for clarification.
Review Dimensions
- Purpose & Capability
- note: The skill's name/description (CEO decision assistant) aligns with its instructions: scheduled reports, subagents, persistent memory, and Feishu notifications are coherent. However, the published registry metadata (no required env vars / no primary credential) contradicts SKILL.md/README/config files that clearly require Feishu App ID/App Secret and model API keys (MiniMax/Qwen). This mismatch is unexpected and should be resolved.
- Instruction Scope
- note: SKILL.md and included templates instruct the platform to create cron jobs, write/read memory files (memory/*.md, MEMORY.md, knowledge), manage subagents/sessions, and push notifications to Feishu. All of those are in-scope for a decision assistant. The instructions do not contain obvious external exfiltration endpoints beyond Feishu and the model providers, but they do direct persistent storage of conversational data and automated delivery to Feishu — users should be aware that daily conversations and derived 'memory' will be stored and reused.
- Install Mechanism
- ok: This is instruction-only (no install spec, no downloaded binaries, no code files to execute). That reduces installation risk because nothing is automatically fetched or executed by the skill package itself.
- Credentials
- concern: The skill files and README require Feishu appId/appSecret and reference model API keys (MiniMax, Qwen). Yet the registry metadata reported 'Required env vars: none' and 'Primary credential: none'. Additionally, clawhub.json/includes lists 'apiKeys': ['minimax'] while listing.json shows differing requirement flags. These inconsistencies (missing declared credentials, contradictory requirements) are disproportionate and confusing — the skill will need secrets to operate, but the manifest doesn't declare them correctly.
- Persistence & Privilege
- note: The skill requests/assumes permissions for memory read-write, cron read-write, and Feishu read-write in its manifest files — all consistent with scheduled reporting and persistent memory. always:false (no forced global inclusion) is appropriate. However, granting autonomous scheduled jobs plus persistent memory and outbound Feishu push capability increases potential impact if misconfigured or if the skill behaves unexpectedly.
