Daily Standup

Security checks across malware telemetry and agentic risk

Overview

This is a coherent daily standup aggregator, but it needs access to multiple connected work accounts and an external MorphixAI plugin/API key.

This skill appears benign and purpose-aligned. Before installing, make sure you trust MorphixAI and the openclaw-morphixai plugin, connect only the accounts you want summarized, and review/revoke permissions if the summaries include more sensitive data than expected.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill can read information from connected accounts such as repositories, issues, email, calendar, and tasks.

Why it was flagged

The skill requires an API key and delegated access to multiple external work accounts. This is expected for a standup aggregator, but it is still sensitive authority.

Skill content
Get an API key... Configure the environment variable: `export MORPHIXAI_API_KEY="mk_your_key_here"` ... Link the service accounts to be aggregated (GitLab, Jira, Outlook, etc.)
Recommendation

Only connect accounts you want included in standups, review permission prompts, prefer least-privilege scopes where available, and revoke the MorphixAI key or account links if no longer needed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Using the skill requires trusting the external MorphixAI plugin to handle account connections and tool calls safely.

Why it was flagged

The instruction-only skill depends on an external plugin that was not included in the provided artifacts. Installing it is user-directed and purpose-aligned, but it expands the trusted code/tool surface.

Skill content
Install the plugin: `openclaw plugins install openclaw-morphixai`
Recommendation

Install the plugin only from a trusted source, review its permissions and provenance, and keep it updated.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Daily summaries may expose snippets of work items, message subjects, task titles, and meeting details to the agent session and the integration provider.

Why it was flagged

The skill routes data from multiple connected providers through MorphixAI tools for aggregation. This is disclosed and central to the purpose, but it involves sensitive cross-service data flow.

Skill content
Use the `mx_*` tools to query the following data sources in parallel... GitLab... GitHub... Jira... Email... To-do tasks... Calendar
Recommendation

Confirm MorphixAI’s privacy, retention, and access policies before linking sensitive accounts, and avoid connecting sources that should not appear in summaries.