Skill v1.0.0

ClawScan security

Skill: diary · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 2:04 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (writing a daily AI diary and sending it to a channel) is plausible, but the instructions are vague about how sending happens and what interaction data is read. There is a mismatch between the claimed capability and the credentials/integration details needed to deliver it, which could lead to unintended data access or leakage.
Guidance
Before installing or enabling this skill, confirm how it will send diaries: which messenger connector or plugin will perform delivery, and where that connector stores its API tokens. If delivery relies on an existing integration, verify that integration's permissions and tokens are restricted. Disable or uncheck 'includeInteractions' unless you explicitly want the agent to incorporate conversation history into diary entries, and require a manual preview step before any send. Inspect the diary/ directory and config.json in a safe environment to ensure no sensitive data will be written. If you cannot confirm how channel authentication works, treat the send functionality as untrusted and prefer 'write' (save only) mode rather than automatic send.

Review Dimensions

Purpose & Capability
Concern: The skill claims to generate and push daily diaries to channels like "yuanbao" or "telegram", but the package declares no required environment variables, credentials, or integration steps for those channels. That is an incoherence: a sending capability normally requires channel-specific tokens/credentials or an explanation of which existing connector will be used.
Instruction Scope
Concern: Runtime instructions explicitly read and write files under workspace/diary (config.json, templates, YYYY-MM-DD.md), which is coherent. However, the step '收集素材 — 回顾当天交互(可选)' ("collect material: review the day's interactions (optional)") is vague about its source and limits: it gives the agent discretionary access to conversational history or other interaction logs. That vagueness can lead to collection or transmission of sensitive user data unless constrained.
Install Mechanism
OK: Instruction-only skill with no install spec or code files; nothing is downloaded or written to disk by an installer. This is low risk from an install mechanism perspective.
Credentials
Concern: No environment variables or credentials are declared, yet the skill requires a 'channel' and 'target' to send diaries. Typical channels (Telegram, chat bridges) need API tokens or connectors; the absence of declared required credentials is disproportionate to the claimed send functionality and is an inconsistency.
Persistence & Privilege
OK: The skill is not marked always:true and uses local workspace files for persistence (diary/). It does automatic cleanup of old diary files. There is no indication it modifies other skills or system-wide settings.