fugui-monitor
Analysis
The skill mostly matches its monitoring purpose, but it uses a logged-in browser session and sends alerts to a hardcoded Feishu recipient, so it should be reviewed before installation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
08:00-18:00 每5分钟,18:00-24:00 每10分钟
The skill is designed for recurring background checks via cron-style scheduling. This is disclosed and fits the monitoring purpose, but it creates ongoing automated activity if enabled.
OPENCLAW="/opt/homebrew/bin/openclaw"
The script depends on a specific local OpenClaw binary path, while the provided requirements declare no required binaries and no OS restriction. This is an under-declared dependency rather than evidence of malicious behavior.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
首次使用需要在浏览器中登录小红书一次,之后脚本会自动使用登录态
The skill intentionally relies on a logged-in Xiaohongshu browser profile/session. This is disclosed and purpose-aligned, but it is still sensitive account/session access.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
"$OPENCLAW" message send --target "ou_24c2bc2b000e0ea7a99dea7f4f657dbc" --message "$msg"
Notifications are sent to a fixed Feishu/OpenClaw recipient ID rather than a user-configured target, making the recipient and data boundary unclear.
> "$WORKSPACE/memory/$snapshot_file"
The script stores scraped post snapshots in the OpenClaw workspace memory directory for later comparison. This is purpose-aligned but leaves persistent local records.