Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agentic Payment Daily
v1.0.0Generate and deliver a daily Agentic Payment news briefing covering Visa Greater China updates, market trends, competitor protocols, and regulatory signals.
⭐ 0· 46·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (generate & deliver a daily Agentic Payment briefing) matches the SKILL.md and the included convert-ap-report.mjs script. However there are mismatches: it embeds a specific local Obsidian path (/Users/juncai/... ) and a hard-coded WeChat recipient/accountId which are highly specific to one user. The package lists no required binaries or env vars, but the script clearly requires Node and external npm tools (md-to-pdf / puppeteer) to function. These hard-coded targets and undeclared dependencies are disproportionate to a generic 'daily report' skill and reduce portability and safety.
Instruction Scope
SKILL.md explicitly instructs the agent to read local Obsidian files (previous reports) at an absolute path and to write a new MD file at that same path — i.e., it will read and write arbitrary user content from a specific local directory. It also instructs delivering the PDF via a 'message' tool to a specific WeChat channel/target/accountId. Delivering artifacts to a hard-coded external recipient is effectively an exfiltration sink and is outside what a neutral, general-purpose skill should assume.
Install Mechanism
There is no install spec (instruction-only + one script). The included Node script uses execSync to call md-to-pdf and, as a fallback, launches puppeteer. That implies the environment must have Node and npm packages (md-to-pdf, puppeteer) installed; puppeteer may download Chromium at runtime. Because no install is declared, the skill will fail unless the environment already satisfies these dependencies — and running these tools can trigger network downloads and execution of native code. This is not inherently malicious but is an operational and supply-chain risk that was not declared.
Credentials
The skill declares no required environment variables or credentials, yet it contains hard-coded external delivery details (WeChat channel, target, accountId). That means any data the agent reads from the local Obsidian vault will be pushed to that external recipient without asking for or documenting credentials; there's no mechanism here for the installing user to review or override the destination. The embedded absolute paths and target identifiers are disproportionate because they grant the skill implicit access to potentially sensitive local content and a remote recipient.
Persistence & Privilege
always is false and the skill does not request system-wide changes in its files. The SKILL.md suggests adding a cron job, but the skill itself does not force always-on behavior or modify other skills' configurations. Its write actions are limited to the specified Obsidian path and /tmp PDF output, which is appropriate for its purpose — though the specific path is user-specific (see other concerns).
What to consider before installing
This skill appears to implement the advertised report generation, but it embeds hard-coded local paths and a specific WeChat delivery target (recipient + accountId). Before installing or running it: 1) Verify you trust the author and that the embedded local path and WeChat target are correct for your environment — otherwise the skill could read and push your local notes to someone else. 2) Ensure Node and the required npm tools (md-to-pdf, puppeteer) are installed from trusted sources; running puppeteer may download Chromium. 3) Consider editing the SKILL.md/script to remove hard-coded delivery targets and instead prompt for or use configurable environment variables for output destinations. 4) Test the script in a sandbox / non-production account and inspect the generated PDF and delivery behavior. 5) If you cannot confirm the destination and owner identity, do not enable autonomous runs (disable autonomous invocation or run manually) and do not schedule the cron until the delivery target is verified.scripts/convert-ap-report.mjs:147
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk976xkec08bmq4at61a2dpfrn983xwfh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.