v2.1.1

元宝派主动推送

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

This skill openly sends Yuanbao messages and files, but it deserves review because it uses local bot credentials to bypass normal channel controls, can post/upload to chats, and can disrupt the existing Yuanbao plugin connection.

Guidance: Install this only if you intentionally want an agent to send Yuanbao messages/files outside the normal OpenClaw plugin channel. Before using it, verify the Python source and dependencies, protect the Yuanbao appKey/appSecret, require confirmation for recipients and file paths, and be aware that it can temporarily kick the existing Yuanbao plugin connection.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
This skill connects directly to the Yuanbao WebSocket protocol, bypassing channel restrictions, to implement proactive push (group chat + private chat).

This shows the skill intentionally bypasses the normal OpenClaw plugin channel to post proactively into group and private chats, a high-impact action that lacks documented approval or recipient-scope guardrails.

User impact: An agent using this skill could send messages as the bot to groups or individuals outside the normal @bot response flow.
Recommendation: Install only if you explicitly want this bypass-style proactive sending; require user approval or an allowlist for recipients and content before the agent sends.

Cascading Failures
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
send.py establishes its WebSocket connection with the same bot_id the plugin uses, which causes the plugin's existing connection to be kicked (`code=4014 instanceid conflict`). The plugin must wait for the health-monitor restart (about 15 minutes) before it can resume receiving messages.

The artifacts disclose that using the skill can disrupt the existing Yuanbao plugin connection and stop it from receiving messages until it recovers.

User impact: A single send operation may temporarily break normal Yuanbao plugin message receiving for the bot.
Recommendation: Use this only when the normal Yuanbao plugin does not need to stay active, and avoid frequent or automated invocations unless the connection conflict is acceptable.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
packages:
        - websocket-client
        - cos-python-sdk-v5

The skill depends on external Python packages for WebSocket and COS upload support; this is purpose-aligned, but there is no pinned install specification in the provided artifacts.

User impact: Installing dependencies from the current Python package index may introduce version or provenance risk.
Recommendation: Install dependencies from trusted sources, consider pinning versions, and review the provided send.py before use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
send.py
CONFIG_PATH = Path.home() / ".openclaw" / "openclaw.json" ... app_key = yb.get("appKey", "") ... app_secret = yb.get("appSecret", "")

The code reads local Yuanbao bot credentials from the OpenClaw configuration and uses them to authenticate, while the registry metadata declares no primary credential or required config path.

User impact: The skill can act with the configured Yuanbao bot identity, including posting messages and sending files using that account.
Recommendation: Treat the local appKey/appSecret as sensitive; use least-privileged bot credentials where possible and verify the skill's credential handling before installation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
send.py → obtain signed ticket → /api/resource/genUploadInfo → COS put_object → WebSocket → TIMImageElem / TIMFileElem → close

The documented file workflow uploads local files to Tencent COS and then sends a resource URL through Yuanbao; this is expected for file sending but is a sensitive external data flow.

User impact: If the agent is given the wrong file path, local files could be uploaded and shared into a Yuanbao chat.
Recommendation: Use explicit user confirmation for file paths and recipients, and avoid granting the agent broad access to private local directories.