ClawHub
Back to skill
v1.0.0

Exwind Monitor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:33 AM.

Analysis

The skill appears to do what it says—check the public EXWIND site and alert Feishu—with notes about recurring automation and an undeclared browser-tool dependency.

GuidanceThis skill looks purpose-aligned and not malicious based on the provided artifacts. Before installing, make sure you want a check every 10 minutes, verify where Feishu messages will be sent, and confirm the local agent-browser command is the expected trusted tool.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
- **定时**: 每 10 分钟自动执行
...
Schedule: */10 * * * * @ Asia/Shanghai

The skill explicitly describes recurring scheduled execution. This matches the stated monitoring purpose, but it means the skill can keep operating without a fresh user prompt each time.

User impactIt may periodically open the EXWIND site and generate Feishu alerts while the cron task remains enabled.
RecommendationInstall only if you want ongoing monitoring; review the cron entry and disable or remove it when you no longer want automatic checks.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
scripts/exwind_monitor.py
run_cmd('agent-browser close', 10)
...
run_cmd(f'agent-browser open "{url}" --timeout 30000', 60)

The script depends on the local agent-browser command even though the registry metadata declares no required binaries. The dependency is purpose-aligned, but under-declared.

User impactThe skill may fail or behave differently if the expected browser automation command is unavailable or replaced.
RecommendationVerify that agent-browser is installed and is the trusted browser automation tool you expect this skill to use.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
使用 `message` tool 发送 `message` 字段的内容到飞书。

The skill relies on a messaging tool to send generated alert content to Feishu. This is expected for the stated purpose, but it uses delegated messaging authority.

User impactUpdates from the monitored site may be posted through your configured Feishu messaging channel.
RecommendationConfirm the Feishu destination and permissions are appropriate before enabling recurring alerts.