Safety Check-in Reminder (安全打卡提醒)

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is a clearly described safety check-in skill, but it sets up ongoing automatic messaging and phone calls without clear permission boundaries, identity checks, or shutdown controls.

Install only if you intentionally want a persistent safety-check automation. Before enabling it, confirm exactly which Feishu account/group and calling service it will use, get consent from the emergency contact, require verified check-ins, and make sure there is a clear way to pause, test, and remove the scheduled tasks.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A false missed-check-in state or configuration mistake could trigger unwanted messages or an emergency phone call.

Why it was flagged

The skill directs scheduled messaging, automated checks, and an emergency phone call, but the artifacts do not describe per-action approval, rate limits, or confirmation before the high-impact call.

Skill content

Create two scheduled tasks...Reminder task: send a Feishu reminder at the set time every day...Check task...; Action: phone the emergency contact

Recommendation

Require explicit approval for setup and a final confirmation path before calling, plus test mode, rate limits, audit logs, and an easy cancellation option.

What this means

The automation may continue messaging, checking, recording, and potentially calling after the user has forgotten or no longer wants it active.

Why it was flagged

The skill is explicitly designed for ongoing autonomous operation after configuration, but it does not document stop conditions, disabling, cleanup, or expiry.

Skill content

Configure once, runs automatically...all operations are logged automatically...everything is done automatically

Recommendation

Document the exact scheduled jobs, require user approval before creating them, and provide a clear disable/uninstall command and automatic expiry option.

What this means

The agent may rely on whatever messaging or calling authority is available in the user environment, without a clear scope or account boundary.

Why it was flagged

The SKILL.md describes Feishu group messaging and phone calls, but the declared metadata does not identify what account, credential, or permission boundary would be used.

Skill content

Required env vars: none; Primary credential: none; Capability signals: No capability tags were derived.

Recommendation

Declare the required Feishu and calling integrations, their scopes, the exact account used, and require consent for the chosen group and emergency contact.

What this means

Someone else’s message, a bot, or activity in the wrong group could mark the user as safe and suppress an emergency notification.

Why it was flagged

The check-in signal is any message in a Feishu group, with no described verification of sender identity, chat membership, bots, or message intent.

Skill content

User check-in: reply with any message in the Feishu group...a Feishu reply counts as a check-in

Recommendation

Verify the sender, restrict the allowed chat and user IDs, require an explicit check-in keyword or code, and log the verified identity.

What this means

Emergency contact details and safety-check history may remain in local skill files and influence future automation.

Why it was flagged

The skill keeps persistent alert records including the emergency contact value and notification status, which is purpose-aligned but sensitive.

Skill content

2024-01-08 20:00 | 连续7天未打卡 | 13800138000 | 已通知

Recommendation

Store only necessary data, document retention, protect the files, and provide a clear way to review and delete stored check-in and alert records.

What this means

Users cannot verify from these artifacts how the scheduler, messaging, or phone-call actions would actually be implemented.

Why it was flagged

There is no reviewed implementation for the promised scheduled tasks, Feishu messaging, and calling behavior; this is not malicious by itself, but it limits reviewability.

Skill content

No install spec — this is an instruction-only skill. No code files present — this is an instruction-only skill.

Recommendation

Publish reviewed implementation details or setup steps, including install and uninstall behavior, required services, and exact permissions.