Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
大象沟通日报
v1.0.5生成大象(即时通讯工具)每日沟通分析报告。自动汇总个人对话、群聊消息,按时间段分析沟通频率,识别活跃联系人,生成结构化的沟通摘要。使用场景:用户提及'大象日报'、'沟通日报'、'每日沟通'、'daxiang report'、'沟通汇总'时触发。
⭐ 0· 127·0 current·0 all-time
by@kindhf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to generate daily reports from 大象 chat data and the included Python script implements that. However the package metadata declares no required binaries or env vars while README and the script require Python 3.8+ and optionally the DX CLI/browser automation. The omission of those requirements in metadata is an inconsistency (likely sloppy packaging) but not necessarily malicious.
Instruction Scope
SKILL.md and README specify the skill uses data files under a workspace data/ directory. The Python script reads/writes files under home-path defaults (e.g., /Users/hongfei/.openclaw/...) or environment-overridable paths, and will save full conversation contents into reports. The script can also invoke the DX CLI to fetch messages (subprocess calls). There is no instruction to read unrelated system files or exfiltrate data to external endpoints, but the report includes complete message content (sensitive) and the script may interact with external tooling (dx), so the runtime scope includes local filesystem I/O and external CLI/network activity.
Install Mechanism
There is no install spec (instruction-only), but the skill ships executable scripts that will be placed on disk when the skill is installed. The README notes dependencies (Python 3.8+, OpenClaw, optional DX CLI, Chrome) but the registry metadata didn't declare these. The lack of an explicit install step for dependencies or declaration of required binaries is a packaging gap that could trip users and lead them to manually install tools from internal registries (README mentions an internal npm registry URL).
Credentials
Declared requirements list no env vars or credentials, but the script reads several environment variables if present (DAXIANG_WORKSPACE, DAXIANG_DATA_DIR, DAXIANG_REPORT_DIR, DAXIANG_SELF_NAME and several MAX_* overrides) and will invoke the DX CLI which relies on the user's DX authentication. The skill does not ask for tokens directly, but it expects external tooling (dx) that may have its own credentials. The absence of any declared credential requirements in metadata is inconsistent with runtime behavior.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It suggests (in README) that users may add a cron job to run the script, but that is user-driven. The skill does write output files into the user's workspace/data directories (normal for this purpose) but does not modify other skills or agent-wide settings.
What to consider before installing
This skill appears to do what it claims (produce daily reports from 大象 chat data), but there are packaging and configuration inconsistencies you should consider before installing:
- The metadata incorrectly lists no required binaries/env vars. The script requires Python 3.8+ and may optionally call the DX CLI (dx). Ensure you have/expect these tools installed and understand how the DX CLI authenticates (it may use internal credentials).
- The script uses default hardcoded paths under /Users/hongfei/.openclaw/..., but will respect environment variables. Review and, if needed, set DAXIANG_WORKSPACE, DAXIANG_DATA_DIR, and DAXIANG_REPORT_DIR to safe directories before running.
- The generated report includes complete, unredacted message contents. Treat outputs as highly sensitive and avoid uploading them to third-party services.
- The script invokes subprocesses (dx) and may contact network services via that CLI; verify the DX CLI and any registries you might be asked to use (the README references an internal npm registry) before following install instructions.
- Prefer to run the bundled Python script locally in a safe environment first, inspect its outputs, and confirm it only accesses the expected data files. If you plan automated runs, create a restricted workspace and explicit cron job rather than blindly following default paths.
If you want, I can point out exact lines in the script that call external commands and write files, or suggest minimal metadata updates the author should make (declare Python and DX CLI dependencies, list env vars, remove hardcoded home paths).Like a lobster shell, security has layers — review code before you run it.
latestvk97c9c311twdqh3ng8p9k0gfcx832nra
License
MIT-0
Free to use, modify, and redistribute. No attribution required.