Ai Cv Weekly
Advisory
Audited by Static analysis on Mar 16, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the model returns a malformed or adversarial preset name, creating a custom preset could write or overwrite YAML files outside the intended custom_presets directory.
The preset name comes from LLM-generated JSON and is used directly to construct a file path. The provided code does not show a regex check, path-separator rejection, or resolved-path containment check.
data = json.loads(clean) ... preset = PresetConfig(**data) ... save_path = save_dir / f"{preset.name}.yaml"
Validate preset.name with a strict pattern such as ^[a-z0-9_]{1,30}$, reject path separators, resolve the final path, verify it stays inside data/custom_presets, and ask before overwriting existing files.
Running the skill may consume or expose the authority of the configured LLM/OpenClaw credential to the selected provider endpoint.
The skill uses API credentials for LLM access even though registry metadata declares no required env vars or primary credential. The use appears purpose-aligned and no credential leakage is shown.
oc_key = os.getenv("OPENCLAW_API_KEY") or os.getenv("OPENCLAW_TOKEN") ... self.api_key = llm_config.get("api_key") or os.getenv("BAILIAN_API_KEY", "")
Declare the credential requirements in metadata and use a dedicated, scoped API key where possible.
Sensitive text included in a user hint or report source material could be sent to the configured LLM endpoint.
The skill sends report prompts, source snippets, and user hints to a configured LLM provider. This is expected for LLM report generation, but users should know data leaves the local environment.
payload = {"model": self.model, "messages": messages, ...}; requests.post(url, headers=headers, json=payload, timeout=self.timeout)
Use only trusted LLM endpoints, avoid putting secrets or private data in report hints, and document what content is sent externally.
If enabled, the scheduler can continue producing and sending reports after the initial command.
The skill supports a scheduled mode that can keep generating and delivering reports. It is disclosed and appears user-invoked, not hidden.
python -m brief.scheduler # Run scheduled jobs ... Cron Scheduler: Auto-generate reports on schedule with multi-channel push
Only run the scheduler intentionally, review all cron entries and delivery destinations, and stop the process when scheduled delivery is no longer wanted.
Users may need to install dependencies manually without registry-level install metadata or a clear upstream homepage.
The README documents dependency installation, while the registry has no install spec and the source/homepage are not provided. This is a provenance and reviewability note, not evidence of malicious installation.
pip install -r requirements.txt
Review requirements.txt, prefer pinned dependency versions, and install in an isolated environment.
