Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
review-manager
v1.0.0고객사 리뷰 수집·자동답글·알림·리포트 통합 관리. 네이버플레이스/구글/배민/쿠팡 리뷰 모니터링 + 감성분석 + 경쟁사 비교
⭐ 0· 520·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (review collection, auto-reply, alerts, reports, competitor comparison) match the included scripts and config.template. The only required binary is node and the scripts operate on a per-skill config/data directory under the user's HOME — proportional to the described functionality.
Instruction Scope
SKILL.md and README instruct creating a config.json in ~/.openclaw/workspace/skills/review-manager and running the included node scripts. The scripts only read/write files under that data dir and call the OpenClaw messaging tool to send Discord notifications. The docs mention optional browser automation / cookie reuse for platforms that require login — that is outside the shipped code and would be a separate privacy/credential consideration if the user implements it.
Install Mechanism
No install spec or remote download; this is instruction + bundled scripts only. No external archives or third-party package installations are performed by the skill itself.
Credentials
The skill does not declare or require environment variables or external credentials. It expects a config.json (discord channel id, store URLs) and uses the OpenClaw messaging CLI to send notifications; that is consistent with its alerting feature. There are no unexpected secret exfiltration patterns in the code.
Persistence & Privilege
always:false (default). The skill reads and writes only to its own workspace data and config paths under ~/.openclaw/workspace/skills/review-manager. It does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says, but review and cautious deployment are advised: 1) It will create and update files under ~/.openclaw/workspace/skills/review-manager/data — confirm you are comfortable with that location. 2) Automated Discord notifications are sent via the host's openclaw message CLI (not by shipping Discord tokens); check that the messaging tool has appropriate permissions and that the target channel ID in config.json is correct. 3) The project currently uses mock collectors and notes that real scraping may require browser automation and cookie reuse — avoid storing login cookies or credentials in plaintext; if you implement login automation, treat those secrets carefully. 4) The --apply auto-reply functionality is not implemented yet (scripts generate replies and save previews only). 5) If you plan to run these scripts on a schedule, run them in a controlled environment and ensure scraping frequency complies with each platform's terms to avoid IP blocking or legal issues. If you want higher assurance, run the code in a sandbox/container and inspect the openclaw message tool behavior before enabling automated notifications.Like a lobster shell, security has layers — review code before you run it.
latestvk979nx122es9xhq37mp2h72tan81dspf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⭐ Clawdis
Binsnode