Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Report Builder

v0.1.0

Use when the main operator needs to turn the nightly shortlist into a Telegram morning report with inline approve/reject/later buttons.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose is Notion -> Telegram reports, which would legitimately require Notion credentials and database IDs plus a Telegram target, but the registry metadata declares no required environment variables and no primary credential. The code clearly expects OPENCLAW_NOTION_TOKEN, OPENCLAW_NOTION_DB_PROJECT_IDEAS, OPENCLAW_NOTION_DB_NIGHTLY_RUNS, and OPENCLAW_TELEGRAM_TARGET (and possibly others). This mismatch between the declared requirements and what the code actually needs is incoherent: an operator reading only the metadata would not know which secrets the skill consumes.
Instruction Scope
SKILL.md instructs the operator to run the included build and send scripts, which is expected, but those scripts: (1) call out to the Notion API and will fail unless the tokens and DB IDs are present, (2) load local environment variables through an imported loadLocalEnv module that is not shipped in the bundle, and (3) in the sender, execute (via node) an absolute path under /Users/dellymac/.openclaw/.../factory_ops.mjs to record deliveries. Running code outside the bundle and importing local helper modules expands the scope beyond the described skill and may execute arbitrary local code.
Install Mechanism
No install spec is declared (instruction-only), and the included JS scripts declare no network downloads or package installs. That lowers install risk, but the bundle still contains executable scripts that will run under the user's Node and rely on an external 'openclaw' binary.
Credentials
The scripts require sensitive environment variables (a Notion bearer token and DB IDs, plus a Telegram target) but the registry declares none. The sender forwards the whole of process.env to the processes it spawns and invokes openclaw with that environment, so any unrelated secrets present in the operator's shell are exposed to those children. The number and sensitivity of the variables is reasonable for the task, but failing to declare them is a proportionality and transparency problem.
Persistence & Privilege
The skill is not flagged 'always' and does not request system-wide persistence; however, it executes another local skill's script via an absolute path (factory_ops.mjs) and imports a local loadLocalEnv module. That cross-skill execution of local code increases the privilege surface, because sending a report triggers execution of code outside this bundle, which is unexpected and potentially dangerous.
What to consider before installing
Before installing or running this skill:
(1) Expect to provide a Notion API token, two Notion DB IDs (ideas and nightly runs), and a Telegram target. These are required even though the registry metadata does not declare them.
(2) Review the included scripts carefully. build_report.mjs queries Notion; send_report.mjs spawns the local 'openclaw' binary and also runs a node script at an absolute path (/Users/dellymac/.openclaw/skills/notion-pipeline/scripts/factory_ops.mjs). That last call executes code outside the skill and could run arbitrary local logic; verify that target file (or change the code) before use.
(3) Verify the openclaw CLI behavior and ensure no unrelated secrets in your environment will be forwarded to child processes.
(4) Ask the publisher to update SKILL.md and the registry metadata to list the required env vars, and to remove or justify calls to external absolute paths (or ship the referenced helper modules inside the bundle).
If you cannot inspect or control the referenced local scripts, run this in a sandbox or decline the skill.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

scripts/send_report.mjs:115
Shell command execution detected (child_process).

scripts/build_report.mjs:10
Environment variable access combined with network send.

scripts/build_report.mjs:295
File read combined with network send (possible exfiltration).
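The two behaviours the scan keeps returning to, the child_process call in scripts/send_report.mjs:115 and the forwarding of process.env to spawned processes noted under Credentials, are what an operator would want to contain before running the sender. The following is an added example and is not code from the Report Builder skill or from ClawHub: it builds an allowlisted environment for child processes (so a spawned openclaw or node never inherits unrelated secrets) and runs a small text check over a constructed snippet in the shape the scan describes, flagging `env: process.env` forwarding and `node <absolute path>` calls that leave the bundle directory. The allowlist contents, the helper names, the bundle directory and the sample snippet are this example's assumptions; only the OPENCLAW_TELEGRAM_TARGET variable name and the factory_ops.mjs path come from the scan.

```javascript
// Added example; not the skill's own code. Node.js, no third-party modules.
// Assumption: these are the only variables a child of the sender needs.
// Everything else in the operator's shell (cloud keys, GitHub tokens, other
// OPENCLAW_* secrets) is dropped instead of inherited.
const CHILD_ENV_ALLOWLIST = ["PATH", "HOME", "LANG", "OPENCLAW_TELEGRAM_TARGET"];

// Build the env object to hand to child_process.spawn/spawnSync.
function buildChildEnv(env = process.env, allowlist = CHILD_ENV_ALLOWLIST) {
  const out = {};
  for (const name of allowlist) {
    if (typeof env[name] === "string") out[name] = env[name];
  }
  return out;
}

// Options for spawnSync("openclaw", args, spawnOptions()): shell:false so the
// argv is never re-parsed, and only the allowlisted variables are visible.
function spawnOptions(env = process.env) {
  return { env: buildChildEnv(env), shell: false, stdio: "pipe", encoding: "utf8" };
}

// Count `env: process.env` forwardings in a script's source text.
function countEnvForwarding(source) {
  return (source.match(/\benv\s*:\s*process\.env\b/g) ?? []).length;
}

// Return absolute script paths passed to `node` that live outside bundleDir.
// Heuristic: matches spawn/spawnSync/execFile/execFileSync("node", ["<path>", ...]).
// Paths built from variables or template strings are not caught and need a
// manual read. POSIX paths only.
function findOutOfBundleExecs(source, bundleDir) {
  const base = bundleDir.endsWith("/") ? bundleDir : bundleDir + "/";
  const re = /\b(?:spawn|spawnSync|execFile|execFileSync)\(\s*(['"])node\1\s*,\s*\[\s*(['"])([^'"]+)\2/g;
  const hits = [];
  for (const m of source.matchAll(re)) {
    const script = m[3];
    if (script.startsWith("/") && !script.startsWith(base)) hits.push(script);
  }
  return hits;
}

// Constructed sample in the shape the scan describes. The absolute path is the
// one quoted in the scan; the surrounding lines are illustrative, not the skill's.
const SAMPLE_SENDER = `
const r = spawnSync("openclaw", ["message", "send", "--target", target], { env: process.env });
spawnSync("node", ["/Users/dellymac/.openclaw/skills/notion-pipeline/scripts/factory_ops.mjs", "record"], { env: process.env });
`;

// Review a sender script and return the findings a reviewer would act on.
function reviewSender(source, bundleDir) {
  return {
    envForwardings: countEnvForwarding(source),
    outOfBundleExecs: findOutOfBundleExecs(source, bundleDir),
  };
}

// Stand-alone run over the constructed sample (bundle directory is assumed).
console.log(reviewSender(SAMPLE_SENDER, "/home/operator/.openclaw/skills/report-builder"));
console.log(buildChildEnv({ PATH: "/usr/bin", AWS_SECRET_ACCESS_KEY: "redacted", OPENCLAW_TELEGRAM_TARGET: "@ops" }));
```

Run reviewSender over the real scripts/send_report.mjs before installing: a non-zero envForwardings count or any entry in outOfBundleExecs is exactly the behaviour the scan flags. The check is a text heuristic and will miss paths assembled at runtime, so a clean result is a prompt to read the spawn calls by hand, not clearance.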


Tags: factory, latest, telegram


Runtime requirements
Clawdis
Bins: node, openclaw
