v3.3.1

Zrise Connect Release

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:06 AM.

Analysis

This appears to be a real Zrise automation skill, but it asks for high-privilege Zrise access and includes conflicting workflows that could write back to Zrise or mark tasks done without the advertised approval flow.

Guidance: Review this skill carefully before installing. If you use it, provide only a least-privilege Zrise account, require explicit approval before writeback/timesheet/Done-stage changes, remove or disable the simple auto-writeback path unless intended, and pin/review the Lobster installation source.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
docs/SIMPLE_WORKFLOW_GUIDE.md
Agent handles it on its own: ... Spawn subagents ... Aggregate results ... Writeback to Zrise ... Always use the `simple` workflow for new tasks

This recommends an automatic one-step execution path with subagents and Zrise writeback, which conflicts with the main SKILL.md approval-gated flow for writeback, timesheet fill, and Done-stage updates.

User impact: An agent could treat the simpler workflow as the recommended path and update Zrise task records before a human reviews the plan or final result.
Recommendation: Keep one authoritative workflow policy: require explicit approval before any Zrise writeback, timesheet entry, or stage change, and remove or clearly mark approval-bypassing/simple workflow docs as experimental.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Note
SKILL.md
cd /tmp && git clone https://github.com/openclaw/lobster.git && cd lobster && npm install && npx tsc -p tsconfig.json ... ln -sf /tmp/lobster/bin/lobster.js ~/bin/lobster

The setup instructions fetch and build an unpinned remote repository and place a symlink to an executable under /tmp. This is disclosed and central to Lobster usage, but it is a supply-chain/provenance risk.

User impact: The user may run code from the current state of a remote repository rather than a reviewed or pinned release.
Recommendation: Pin Lobster to a reviewed release or commit, install it in a trusted non-temporary directory, and provide a lockfile or checksum where possible.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
README.md
ZRISE_USERNAME=admin
ZRISE_API_KEY=your_api_key

The skill documents use of a Zrise admin/API-key credential, while the registry metadata says no primary credential or env vars are required. The artifacts do not describe least-privilege scope for this account.

User impact: If installed with an admin Zrise API key, the skill may be able to modify important business/task data under a highly privileged account.
Recommendation: Declare the required credentials in metadata, use a least-privilege Zrise service account, and document exactly which task, timesheet, comment, and stage operations the skill may perform.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
README.md
Session Management - Each task has its own session ... Save conversation history

The skill stores per-task sessions and conversation history. That is consistent with task automation, but it means Zrise task context and AI outputs may persist locally.

User impact: Task details, comments, and generated results may remain in local state after the workflow completes.
Recommendation: Document retention, storage paths, and cleanup behavior for session and task history, and avoid storing sensitive task content longer than needed.
Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Note
docs/TELEGRAM_INTEGRATION.md
Integrate Zrise Connect with Telegram for: ... Task notifications ... Approval requests ... Employee interactions

The artifacts describe sending task notifications and approval interactions through Telegram. The guide includes security suggestions, but users should still notice that task data may leave Zrise/OpenClaw via an external messaging channel.

User impact: Task names, project details, approval previews, and status updates could be visible in Telegram chats or groups if this integration is enabled.
Recommendation: Use private or access-controlled chats, verify employee identity before accepting commands, sanitize sensitive fields, and document which Zrise fields are sent to Telegram.