ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Daily Retro

v1.0.0

执行每日复盘,备份文件后收集历史数据,分析总结六维度内容,更新核心配置,写入复盘锁,最后汇报复盘结果。

0· 69·1 current·1 all-time
by@morrison230
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (daily agent retro) align with the actions the code performs: reading session logs, analyzing conversations, writing daily memory, updating core files, creating a lock, and sending a report. Requiring read/write access to ~/.openclaw workspace and agent session files is consistent with the stated purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to read ~/.openclaw/agents/${agentId}/sessions, parse .jsonl conversation logs, back up and edit core files (MEMORY.md, USER.md, SOUL.md, AGENTS.md), create lock files, then report results. That scope matches the purpose, but it also means the skill will access potentially sensitive chat logs and persist modified core configuration files — and the instructions demand 'physical' file writes before reporting, increasing the chance of writing/overwriting local state.
Install Mechanism
No install spec is provided (instruction-only with included code files), so nothing arbitrary is downloaded at install time. Installation docs do recommend cron setup and permissions, but there is no automated remote fetch in the manifest. Lack of an install script reduces supply-chain risk.
!
Credentials
The skill does not require environment variables or external credentials, but config.json contains an enabled feishu.webhook URL (concrete webhook) and feishu.enabled=true. That means by default the skill is configured to send analysis (which may include extracted user messages and profiles) to an external webhook. Embedding a third-party webhook in shipped config is risky if it is not the user's webhook — it effectively exfiltrates processed conversation content to whoever controls that webhook. The manifest did not declare any network endpoints, and no env vars are required, so the inclusion of an outbound webhook in a shipped config is the primary proportionality concern.
Persistence & Privilege
always:false (good). The skill modifies files in the user's workspace (memory and core config files) and suggests adding a cron job (INSTALL.md) to run daily, including example crontab lines that run as root in /root. Running as root or configuring system cron is not required by the manifest but is suggested in docs; users should avoid running this as root unless intended. The skill does not request or modify other skills' configs in the provided files.
What to consider before installing
This skill appears to do what it says: read conversation logs, summarize six dimensions, update local 'memory' and core files, create a lock file, and report results. Before installing or enabling it, do the following checks: - Review config.json and replace or disable the feishu.webhook: The package ships with a concrete webhook URL and feishu.enabled=true. If you enable the skill without editing this, processed conversation content could be posted to that webhook (potentially exposing sensitive messages). Either set feishu.enabled=false or replace the webhook with your own controlled endpoint. - Inspect the notifier code path: Open the Feishu notifier implementation (not fully shown in the truncated files) to confirm exactly what fields are sent (raw messages, full conversation data, or only summaries). Prefer sending only high-level summaries, not raw chat content or identifiers. - Avoid running cron/jobs as root: INSTALL.md gives example crontab lines and suggests root/sudo. Instead run it as the unprivileged user that owns your ~/.openclaw workspace, and verify file permissions are appropriate. - Backup and test in a safe environment: Because the skill will edit core files (MEMORY.md, USER.md, SOUL.md, AGENTS.md), test on a copy of your workspace first. Confirm the backup behavior works and that edits are correct and not destructive. - Verify what is parsed from session files: Session directories (~/.openclaw/agents/${agentId}/sessions) contain your chat history; ensure you are comfortable with that data being read and summarized. If you want to limit exposure, run the skill only on sanitized or minimal data. - If you are unsure about the webhook URL's ownership or purpose, do not enable outbound notifications and consider removing or replacing the webhook entry before running the skill. If you can confirm the webhook is yours (or disable it), run tests locally on non-sensitive data and review the notifier before enabling scheduled runs. These steps will reduce the risk of accidental data exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cja566ac9jj8pba24q7fv5n839cv1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments