daily_summary

Security checks across malware telemetry and agentic risk

Overview

This skill is privacy-sensitive, but the artifacts mostly do what they say: create a daily work summary from local OpenClaw memory and browser history, with optional Feishu delivery.

Install only if you are comfortable with the skill reading local OpenClaw memory and Chrome/Edge history, saving a summary back into local memory, and sending summaries to the configured Feishu channel if you enable the cron command. Test it manually first and use a Feishu destination where automated work summaries are appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The script's declared purpose is to generate a daily summary, but it also persists new content into the workspace memory file as a side effect. Hidden data modification expands the skill's behavior beyond user expectations and can pollute or alter records that may later be consumed by other agents or workflows.

Description-Behavior Mismatch

Medium

Confidence: 85% confidence
Finding: The manifest says the summary is based on chat records and browser history, but the implementation reads a local memory markdown file instead. This is a capability mismatch that can cause the skill to process a different, potentially broader or more sensitive data source than users expect.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill processes private local chat history and browser history, then sends a generated summary to Feishu, yet it provides no privacy notice or data-transmission warning. Even a short summary can leak sensitive projects, websites, contacts, or work patterns to an external service, especially when sent automatically on a schedule.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The code accesses Chrome and Edge browsing history databases directly, which contain sensitive behavioral data such as visited sites and activity timing, without any user-facing notice or consent flow. Even though only a summary is generated, the raw history access is broader than necessary and increases privacy risk if the skill is run unexpectedly or in a shared environment.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs access to highly sensitive local sources—chat history and browser history—and then sends a derived result to Feishu. In context, the automatic scheduled execution makes this more dangerous because users may forget it is running, causing repeated exfiltration of sensitive work patterns or confidential activity without per-send review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal