Skill v1.0.0
ClawScan security
Poetry Daily Art · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 12, 2026, 4:20 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (generate daily poem art) is plausible, but the implementation has several inconsistencies and privacy risks (hardcoded user paths, undeclared API/transport credentials, and reading arbitrary 'memory' files) that you should fix or clarify before installing.
- Guidance: Before installing, ask the author to: (1) remove or parameterize hardcoded absolute paths (use a workspace or env variable instead of /Users/hwang/...), (2) explicitly declare the required credentials and environment variables (e.g., MINIMAX_API_KEY, TELEGRAM_TOKEN) in the skill metadata, (3) avoid searching general memory/*.md files (or document and limit exactly which files are read) because those may contain sensitive notes, (4) document the exact delivery mechanism and any third-party CLI (mmx) including where to obtain it and why it is trusted, and (5) test in a sandboxed account to confirm behavior. If the author provides a corrected version that uses relative/parameterized paths, declares env vars, and limits file access, the assessment would likely move to benign. Right now the inconsistencies and potential privacy exposures make the skill suspicious.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (generate poem art cards) matches the included script and instructions: they build an image prompt from a poem title, generate an image via an image CLI, and send it as a message. However, SKILL.md advertises use with a cron and a 'message' tool (Telegram delivery) and mentions MiniMax; those required credentials/tools are not declared in the skill metadata. This is a mismatch between declared requirements (none) and what the skill actually needs.
- Instruction Scope (concern): SKILL.md says to read data/poem_study_progress.json (relative) and archive/poem/, but the script hardcodes absolute paths under /Users/hwang/.openclaw/workspace (progress file, memory/*.md, output dir). The script also falls back to scanning memory markdown files (memory/*.md) to find poem titles, which can read arbitrary user notes. These file accesses go beyond the documented relative paths and may expose unrelated sensitive user data.
- Install Mechanism (note): There is no install spec (instruction-only), which is low risk for supply-chain downloads. The script requires an external CLI ('mmx') and SKILL.md instructs 'npm install -g mmx-cli' as a prerequisite, but this is not enforced or declared in metadata. Lack of an explicit install step is acceptable, but the skill depends on an external, third-party CLI (mmx) whose trustworthiness should be validated by the user.
- Credentials (concern): The skill metadata declares no required environment variables or credentials, yet SKILL.md and the script require a MiniMax API/CLI and imply a MiniMax API key and a messaging transport (Telegram) for delivery. The script also reads files from a specific user's workspace (absolute /Users/hwang/...), which is a disproportionate and user-specific access pattern. Required secrets (MiniMax API key, Telegram token) should be declared and justified; currently they are missing.
- Persistence & Privilege (ok): The skill is not marked 'always:true' and does not modify other skills or system-wide settings. It writes output files to a workspace directory and removes previous images; this is expected for an image-generation helper and does not indicate elevated privileges.
