v3.0.0

DeepSleep

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:39 AM.

Analysis

DeepSleep has a clear memory-persistence purpose, but it deserves review because it asks the agent to read broad chat history, store persistent memories, run on a daily cron, and automatically send group briefs.

GuidanceInstall only if you are comfortable granting broad chat-history visibility and automated group posting. Before enabling the cron, consider limiting eligible chats, disabling cross-group hints, requiring manual approval for dispatch, and regularly reviewing or deleting files under the memory directory.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

dispatch-instructions.md

用 `message(action='send', channel='feishu', target='chat:<chat_id>')` 发送

The dispatch phase instructs the agent to send Feishu group messages based on its own smart-send decision, without requiring per-message user approval.

User impactThe agent can automatically post summaries or reminders into group chats, including repeated P0 overdue reminders.

RecommendationStart in a manual or dry-run mode, review dispatch logs, limit target chats, and require approval before sending to production groups.

Rogue Agents

SeverityLowConfidenceHighStatusNote

README.md

openclaw cron add --name "deepsleep" --cron "50 23 * * *" --session isolated ... --timeout-seconds 900 --no-deliver

The documented setup creates a recurring isolated agent turn. This is disclosed and purpose-aligned, but it is persistent background automation.

User impactAfter setup, the skill continues running daily until the cron job is removed or disabled.

RecommendationReview installed cron jobs periodically and remove or pause DeepSleep when persistent memory or automated dispatch is no longer desired.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

pack-instructions.md

sessions_list(kinds=['group', 'main'], activeMinutes=1440, messageLimit=1) ... sessions_history(sessionKey=<key>, limit=50)

The skill auto-discovers all active group and main sessions and reads recent histories, which is broad delegated access rather than a narrowly scoped chat integration.

User impactThe agent may read and summarize conversations across multiple chats, including direct/main sessions, if OpenClaw session visibility is enabled.

RecommendationUse only if all relevant chats are appropriate for agent-wide memory. Prefer an allowlist/denylist, restrict session visibility where possible, and review generated summaries.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityHighConfidenceHighStatusConcern

dispatch-instructions.md

Open Questions：保留所有未解决的（永不过期）... 待办 `- [ ]`：永不过期

The skill intentionally persists open questions and unfinished tasks indefinitely in memory snapshots, creating durable context that can contain sensitive or stale information.

User impactPrivate or outdated conversation-derived information may remain in local memory and influence future agent replies long after the original chat.

RecommendationTreat the memory directory as sensitive data. Add explicit retention, deletion, and review procedures, and avoid using the skill in chats that may contain secrets or untrusted instructions.

Insecure Inter-Agent Communication

SeverityMediumConfidenceMediumStatusConcern

dispatch-instructions.md

## 🔗 关联群
- ↔ [关联群名]：关联话题描述

Per-group snapshots and briefs can include cross-group correlation hints. Even if detailed content is excluded, group names and topic descriptions may cross chat boundaries.

User impactMembers of one group may learn that another group exists or is discussing a related topic.

RecommendationDisable cross-group hints by default, anonymize other group names, or require explicit consent from affected groups before sharing correlations.