Skill v1.0.0

ClawScan security

Sunset Bot (domestic firecloud forecast) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 4:59 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and configuration are consistent with a web-scraping + notification tool for sunset/firecloud forecasts and do not request unrelated credentials or system access.
Guidance
This skill appears to do exactly what it says: scrape sunsetbot.top in a headless browser, log results locally, and optionally send messages via Feishu. Before installing:
1) Confirm you trust the external site (https://sunsetbot.top) that the skill visits.
2) If you enable cron and notifications, configure the Feishu/OpenClaw messaging integration carefully — the skill will call feishu_im_user_message via OpenClaw, so ensure tokens/OpenIDs are correct.
3) Review the headless-Chrome guide: it recommends disabling the Chrome sandbox (noSandbox), which weakens process isolation on the host — only do this in environments where you accept that risk.
4) If you will accept free-form city inputs from untrusted sources, review/escape inputs, because city values are interpolated into inline JS passed to the browser evaluate call (this could break the script or cause unexpected behavior).
5) Check the data/ directory for logs (sunsetbot-monitor.log) and ensure retention/permissions meet your policy.

Review Dimensions

Purpose & Capability: ok
Name/description (query firecloud forecast + scheduled notifications) match the provided code and SKILL.md: the script navigates to https://sunsetbot.top, extracts page values, writes local logs, and sends notifications via a messaging channel. Required resources (browser support, an optional Feishu OpenID in config) are appropriate for that purpose.
Instruction Scope: note
SKILL.md keeps scope to fetching forecast pages and sending notifications. It instructs use of OpenClaw's browser() and cron. Two notes: (1) the script injects user-supplied strings (city, date types) into inline JS passed to browser.evaluate — this is a robustness/input-sanitization concern (it could break or behave unexpectedly on maliciously crafted inputs), and (2) the instructions advise enabling headless Chrome with no-sandbox in OpenClaw config, which increases runtime risk for the overall environment (explained in guidance). The skill does not instruct reading unrelated files or env vars.
Install Mechanism: ok
No install spec is present (instruction-only with code included), so nothing is downloaded or installed by an install hook. The included headless Chromium guide references downloading Chrome from an official Google URL and Playwright commands — those are normal for enabling the browser tool but are not executed by the skill itself.
Credentials: note
The skill does not declare or require any environment variables or secrets. It does rely on an OpenClaw-provided messenger function (feishu_im_user_message) and a local config file (config/config.json) containing a userOpenId; these are proportional to notification functionality. There is no request for unrelated credentials. Ensure that your OpenClaw instance's messaging integrations (Feishu tokens) are intentionally configured.
Persistence & Privilege: ok
The skill's always flag is false, and the skill does not request permanent platform-level privileges or modify other skills. It writes logs under its own data/ directory only.