Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nightly Recap

v3.0.1

Sends a single Telegram message each evening with what shipped today, social/system status, wins, and tomorrow's focus, fully configurable for your stack.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The skill's name/description align with its behavior: it reads workspace logs and composes a Telegram message. However the repository includes a populated config.json containing a Telegram bot token and chat id and absolute paths to analytics/revenue scripts. The registry metadata declared no required env vars/credentials, so including a ready-made credential file in the distributed package is inconsistent and suspicious (it could cause messages to be sent with the included token if the installer doesn't reconfigure).
!
Instruction Scope
SKILL.md limits core behavior to reading daily logs (memory/YYYY-MM-DD.md, HEARTBEAT.md, AGENTS.md) which is coherent with the purpose. It also instructs the agent to run optional scripts (analyticsScript, revenueScript) and to read arbitrary communityPaths; those are user-configurable and useful, but they allow execution/reading of arbitrary local files. That broad file/script access is reasonable for optional integrations but increases risk and must be audited before enabling.
Install Mechanism
No install spec (instruction-only) and a small delivery script (send-message.js). Nothing in the manifest downloads remote code or runs an installer, so install risk is lower. However the package is intended to be copied into the user's skills directory, so included files (notably config.json) will be placed on disk unless the user removes them.
!
Credentials
The skill declares no required environment variables or primary credential, yet the bundled config.json contains an apparently valid Telegram bot token and chat id plus absolute paths to external scripts on the original author's machine. Shipping credentials inside the package is disproportionate and dangerous: an installer who misses the reconfiguration step could use the embedded token/chat, and the token in a public package is effectively exposed.
Persistence & Privilege
The skill does not request always:true and will not be force-installed. Its setup writes/overwrites config.json and writes a last_run.log delivery receipt on successful sends — this is reasonable for diagnostics. It does not modify other skills or system-wide agent settings.
What to consider before installing
This skill mostly does what it says, but proceed cautiously. Key actions before installing:
1) Inspect and remove or overwrite the bundled config.json — it contains a Telegram bot token and chat id which appear to be populated; do not leave them in place. If the token belongs to you, rotate it immediately.
2) During first run, prefer to supply --token and --chat explicitly for a test send rather than relying on repo config.
3) Audit any optional script paths (analyticsScript, revenueScript, communityPaths) before enabling them — they will be executed/read by the agent and can access local data or network.
4) Review send-message.js (it only posts to api.telegram.org) and the SKILL.md pipeline; ensure the cron/setup steps match your security posture.
If you are uncomfortable with the included credentials or cannot verify their origin, do not install until the author confirms they are placeholders; treat the shipped token as compromised.
