Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Cv Weekly
v7.0.1Generates in-depth weekly AI/Computer Vision reports by aggregating data from multiple sources with plugin-based pipeline and multi-channel delivery.
⭐ 0· 117·1 current·1 all-time
by@llx9826
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is advertised as an 'Ai Cv Weekly' reporter but the bundle is the general 'ClawCat Brief' briefing engine (planners, many adapters, grounding, renderers, Playwright, akshare finance adapters, registry.json, etc.). A dedicated AI/Computer-Vision weekly skill would not normally include wide-ranging news/finance adapters, a skill_proxy adapter, or full Playwright-based rendering. This mismatch could be benign (a generic engine configured to produce CV reports) but it is an unexplained divergence from the declared purpose.
Instruction Scope
SKILL.md exposes three host-mode tools (plan_report, fetch_data, render_report) and documents a standalone CLI mode requiring an LLM API key in config.yaml. The runtime instructions do not ask the agent to read unrelated system files or secrets beyond the optional LLM key. The SKILL.md and repository contain extensive guidance and embedded assets (including a base64 logo file), and the SKILL.md content triggered a 'base64-block' pre-scan pattern (likely from embedded static assets) — this is not intrinsically malicious but worth noting.
Install Mechanism
No install spec is declared (instruction-only in registry), and the codefiles are included in the skill bundle rather than downloaded at install time. There are no external URL downloads in the install metadata. However the code depends on heavy runtime packages (Playwright, HTTP clients, akshare, Playwright needs a system browser) which may require additional system-level install steps not declared in registry metadata.
Credentials
The registry declares no required environment variables or credentials. The standalone CLI mode, however, expects an LLM API key in config.local.yaml/.env if you run the pipeline locally. The project performs wide network access (many public news and data endpoints) and can invoke external adapters; while no secrets are required by default, granting it an LLM API key or allowing it to import external modules (via the skill_proxy/registry mechanism) increases its capability surface and should be considered carefully.
Persistence & Privilege
The skill does not request 'always: true' nor declare system-wide config changes. It doesn't appear to modify other skills' configurations. Autonomous invocation is allowed (platform default) but not combined with other high-privilege flags.
Scan Findings in Context
[base64-block] expected: A base64 block is present (static/luna_logo_b64.txt and embedded assets). For a packaged repo with static logo or assets this is expected. It was flagged by the pattern detector in SKILL.md but by itself is not evidence of malicious intent.
What to consider before installing
What to check before installing or running this skill:
- Purpose mismatch: The registry name/description ('Ai Cv Weekly') is narrow, but the bundle is a generic briefing engine (ClawCat) with many adapters (news, finance, search), rendering (Playwright), and pipeline components. If you only want a CV‑focused weekly, ask the publisher or inspect registry.json/config to ensure only the intended sources are enabled.
- Network activity: The code fetches data from many public endpoints (news APIs, search engines, social feeds). Expect outbound HTTP(S) traffic; run in an environment where that is acceptable.
- Playwright and system deps: The repo uses Playwright for HTML→PDF/PNG. Playwright requires a browser runtime (Chromium) and may need extra installation. Confirm system requirements before running.
- LLM API keys: Standalone mode requires an LLM API key in config.local.yaml or env; only provide keys if you trust the skill and run it in a controlled environment. In host-skill mode (plan_report/fetch_data/render_report), no key is required by the skill itself.
- skill_proxy / dynamic import risk: The adapters include a skill_proxy adapter that can bridge to other skill modules by name. Check registry.json for any entries that import external or unexpected modules — arbitrary import/call can expand what code executes when fetch_data runs.
- Review registry.json and adapters: Inspect which sources are enabled by default and any adapter code that posts or forwards data. The repo is large but readable; scan the adapters you expect to use.
- Run in a sandbox first: Execute the CLI or host calls in an isolated/testing environment to observe network calls, filesystem writes, and any browser activity before enabling in production.
- Provenance: The skill owner/source is unknown and there is no homepage. If provenance matters for your use, ask the publisher for clarification or prefer a skill with clear author/source.
If you want, I can:
- Extract and summarize registry.json and which data sources are enabled by default.
- List runtime Python dependencies and any system-level requirements (e.g., Playwright browsers) from requirements.txt.
- Point out places in the code to edit if you want to restrict sources or disable Playwright rendering.clawcat/adapters/registry.json:180
Install source points to URL shortener or raw IP.
config.yaml:22
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk975b68whbqdeaqevksjnvj12183w7vk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.