ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kinema's Task Management (daily report, active push, traceback)

v1.1.1

Kinema personal task tracking system. AI Agent maintains tasks as markdown files in workspace. Trigger: User describes tasks, mentions "任务", "task", asks to...

0· 63·0 current·0 all-time
byKinema.@leeshunee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's functionality (file-based task management + cron-driven daily reports) matches the description and included scripts. However the packaging/metadata declares no required binaries while ONBOARDING.md and SKILL.md assume availability of the 'openclaw' CLI and a POSIX shell (bash). The skill should declare these requirements (openclaw, bash) in its metadata.
Instruction Scope
Instructions are narrowly scoped to reading/writing task markdown files, generating snapshots/reports, and creating cron jobs. They also instruct extracting 'provider' and 'chat_id' from inbound session metadata to populate cron '--channel' and '--to' values; the docs require asking the user to confirm extracted targets. Using inbound (untrusted) metadata as delivery targets is potentially risky if confirmation is skipped, but the SKILL.md and ONBOARDING.md explicitly state the agent must ask the user before using them.
Install Mechanism
No external downloads or package installs — the skill is instruction-first and ships shell scripts to be made executable. There is no remote URL-based installation or extraction of arbitrary archives.
Credentials
The skill requests no credentials or secrets and uses only filesystem paths under the user's ~/.openclaw workspace (TASK_DIR default). Scripts accept TASK_DIR env override, which is reasonable for configuration. No unrelated credentials are requested.
!
Persistence & Privilege
The onboarding instructs the agent to create three cron jobs (archive-check, daily-report, write-snapshot) that will run autonomously and send reports to a chat target via '--channel' and '--to'. While 'always: false' is set, the installed cron jobs grant lasting autonomous behavior (periodic reads of task files and outbound pushes). This persistent capability is legitimate for a scheduler-based task reporter but increases blast radius if the cron target is misconfigured or if the initial confirmation step is bypassed.
What to consider before installing
This skill appears to implement a local, file-based task tracker and wants to install three OpenClaw cron jobs that will run automatically and push daily reports to a chat target. Before installing: 1) Verify you have the openclaw CLI and bash available (the onboarding assumes them) and ask the publisher to add those as required binaries in metadata. 2) When the agent extracts a '--channel' / '--to' from inbound metadata, confirm the exact chat_id and channel yourself — cron jobs will keep sending there until you remove them. 3) Review the included scripts (create, archive, next-id, snapshot, report) so you understand file paths they will read/write (defaults to ~/.openclaw/workspace/kinema-tasks). 4) Consider creating the cron jobs without --announce or testing in a sandbox session first to ensure targets and formats are correct. 5) If you are uncomfortable with persistent autonomous pushes, do not add the cron jobs and use manual report generation instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dx1rxyej3q2h8acpaxrmjf984v9na

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments