Skill v2.0.118+6460
ClawScan security
AI时代职业规划师 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 8:01 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: Skill mostly matches a career-planning purpose but contains several incoherent or privacy-sensitive implementation details (hardcoded user paths, undeclared external API keys/integrations, and automatic persistence/follow-up) that warrant review before installation.
- Guidance: What to check before installing:
  - Confirm whether you want your planning data persisted and followed up on: the skill writes user tracker files to ~/.openclaw/workspace/memory/ and schedules 7/30/90-day follow-ups. Ask the author to require explicit user opt-in before persisting or scheduling follow-ups.
  - Ask the author to declare required credentials: integrations (AgentMail, Tavily) are mentioned but no environment variables are declared. If you enable those, ensure API keys are stored securely and that the skill will only send data with explicit consent.
  - Fix hardcoded path(s): generate_salary_db.py writes to /home/walter/.openclaw/... (hardcoded username). This is a bug/incoherence — it may fail on other systems or write to unintended locations. Ask for configurable paths or relative locations.
  - Review data provenance and licensing: the salary_database.json contains scraped sources (tavily_search and job sites). Confirm the data sources are allowed and that no sensitive scraped data is included.
  - Review privacy implications of AgentMail and external pushes: if you enable email or push integrations, verify what user fields will be sent and require user consent before sending.
  - If you are not comfortable with persistent tracking or external integrations, do not install or keep the skill disabled. Prefer a version that: (a) explicitly lists required env vars, (b) uses configurable paths, (c) requires opt-in before writing to memory or sending emails, and (d) documents data retention policy and deletion procedure.
Review Dimensions
- Purpose & Capability (note): The skill's files and instructions (Holland/MBTI assessments, industry references, salary DB, report generator) are consistent with a career-planner. However, there are mismatches: SKILL.md and references mention optional ecosystem integrations (AgentMail, Tavily) that would require API keys, yet requires.env lists none. Also the salary DB metadata and references show data collected via 'tavily_search', matching the claimed realtime-job-integration feature, but the skill does not declare the credentials or permissions those integrations need.
- Instruction Scope (concern): Runtime instructions tell the agent to read many included reference files (expected) and to persist user tracking data to a memory path (~/.openclaw/workspace/memory/career_tracker_{user_id}.json). The skill also promises proactive follow-ups (7/30/90 days) and optional automatic emailing of reports (AgentMail). That means the skill will collect and persist personal planning data and may send it externally if integrations are configured. There is no explicit user-consent flow described for persistence or emails.
- Install Mechanism (ok): No install spec (instruction-only) — lower install risk. The package includes Python scripts and a large salary JSON; nothing is downloaded from external URLs at install time.
- Credentials (concern): The skill declares no required environment variables, yet SKILL.md/integrations.md state v2.0 requires API keys for AgentMail and Tavily. This is an incoherence: external integrations are mentioned but not declared as required credentials. Additionally, scripts reference and write to platform-specific paths (see Persistence) rather than using relative or configurable paths.
- Persistence & Privilege (concern): The skill explicitly instructs saving per-user tracker files to the agent's memory directory (~/.openclaw/workspace/memory/...), schedules proactive 30-day follow-ups, and supports automatic emailing — all of which give it persistent presence over time and the ability to exfiltrate or distribute user data if integrations are misconfigured. While always:false (not forced), autonomous follow-ups combined with persistence and optional external integrations increase blast radius and require explicit consent/controls.
