Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
secretary-core-秘书核心模块
v4.0.0智能助理核心技能,支持 20 轮对话上下文、情感识别、主动提醒、日程管理,集成飞书/钉钉/企业微信。
⭐ 0· 141·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (assistant with 20-turn context, reminders, Feishu/DingTalk/WeChat integration) is consistent with the included Python code implementing context, intent, emotion, reminders and habit learning. Requiring platform bot tokens in the SKILL.md is proportionate for multi-platform messaging. However, registry metadata lists no required env vars while SKILL.md documents FEISHU_BOT_TOKEN, DINGTALK_BOT_TOKEN and WECHAT_BOT_TOKEN — that mismatch is incoherent. The README/clawhub.json versions also differ from SKILL.md (3.0.0 vs 4.0.0), which reduces trust in the package metadata.
Instruction Scope
Runtime instructions and examples explicitly reference reading/writing a user config (~/.secretary/config.yaml) and a system log path (/var/log/secretary.log), and they request platform tokens and mention sending messages via Feishu/DingTalk/WeChat. Those are expected for this skill, but the README claims 'Local processing, no cloud upload', which contradicts the integrations. The SKILL.md instructs use of env vars and config files that could contain sensitive tokens; the skill will therefore access credentials if provided. Also the documented file structure references platform integration modules (platform/feishu.py etc.) but those files are not present in the listed file manifest — the instructions thus promise integrations that may not exist in the packaged code.
Install Mechanism
No install spec is provided (instruction-only install), so nothing is automatically downloaded from arbitrary URLs. The package includes Python source files and a lightweight requirements.txt (numpy). That is lower risk than remote downloads. However, setup.py was mentioned/truncated in SKILL.md/README but not shown in file manifest — ambiguous packaging.
Credentials
SKILL.md and README document environment variables for platform tokens (FEISHU_BOT_TOKEN, DINGTALK_BOT_TOKEN, WECHAT_BOT_TOKEN) and various SECRETARY_* settings. For a multi-platform assistant, those tokens are reasonable to request, but the registry metadata earlier reported 'Required env vars: none', an inconsistency. The skill asks for tokens (sensitive) and also documents a log file path and config file which may store tokens; you should not supply platform bot tokens until the code that uses them is reviewed. No other unrelated credentials were requested.
Persistence & Privilege
always:false (normal). The skill is user-invocable and allows autonomous model invocation (disable-model-invocation:false) which is platform-default and not by itself flagged. The skill intends to read and write a per-user config (~/.secretary/config.yaml) and a log file (/var/log/secretary.log); writing to /var/log/ may require elevated permissions on some systems. The package does not request system-wide privilege escalation in metadata, but the documentation implies persistent local config and logs.
What to consider before installing
This skill appears to implement the advertised assistant features, but there are multiple red flags you should address before installing or providing credentials: 1) Metadata mismatch — the registry says no env vars are required, but the SKILL.md and README request FEISHU/DingTalk/WeChat bot tokens and other SECRETARY_* env vars. Ask the author to reconcile the metadata and confirm which env vars are actually used. 2) Missing platform code — the documented file structure references platform integration modules (platform/feishu.py, platform/dingtalk.py, platform/wechat.py) but those files do not appear in the package listing; verify the actual code paths that send messages. 3) Privacy claim contradiction — README claims 'local processing, no cloud upload', yet the skill is designed to integrate with cloud messaging platforms; if you plan to supply platform tokens, assume messages and metadata will go to external services. 4) Inspect the code that uses tokens and any network calls (platform modules) before supplying secrets; run the skill in an isolated environment or sandbox first. 5) Prefer installing only from the claimed GitHub repo (verify the exact repo and commit/published tag) and confirm the author identity and integrity (signatures/checksums). If you cannot validate these points, do not provide platform bot tokens or point the skill at production accounts.Like a lobster shell, security has layers — review code before you run it.
latestvk976yr6dza504pvrm1kczb0b6n83483b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.