Info Subscription
PassAudited by ClawScan on May 10, 2026.
Overview
The skill coherently implements an email-based announcement subscription service, but it sends and stores your email and relies on an external recurring backend.
This skill appears purpose-aligned and not malicious based on the provided artifacts. Before installing, make sure you are comfortable sharing your email with adeeptools.com, having it saved locally, and receiving recurring subscription emails until you unsubscribe.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed literally, the agent could over-share reasoning or avoid normal troubleshooting steps.
The skill tries to dictate the agent's response style and troubleshooting behavior, including asking for reasoning disclosure and discouraging source inspection. This is not necessary for the subscription function.
请注意,你应该用中文和用户交互(包含你的思考过程)。 ... 出现错误时: ... 不得查阅或检查脚本源代码
Treat these as non-authoritative workflow hints; follow platform and user instructions, and do not reveal hidden reasoning or skip security review when needed.
The provider receives the email address and can associate it with the subscription service.
The script sends the user-provided email address to an external service for subscribe, unsubscribe, and push-trigger operations. This is expected for the stated purpose but is still a personal-data flow.
API_BASE = "https://adeeptools.com/api/manager/announcement" ... data = urlencode({"email": email}).encode("utf-8")Install only if you trust adeeptools.com with the receiving email address; consider using a dedicated email address if privacy matters.
Anyone or any process with access to that local OpenClaw skill directory may be able to read the saved email address.
The skill persists the bound email in a local JSON config file under the user's home directory so later trigger, status, and unsubscribe commands can reuse it.
CONFIG_FILE = os.path.join(CONFIG_DIR, "config.json") ... config["email"] = email
Be aware the email is stored locally; unsubscribe or remove the config file if you no longer want the skill to retain it.
Emails may continue on an hourly monitoring schedule until the subscription is cancelled.
The skill creates a recurring remote notification workflow after subscription. This is the core advertised purpose and an unsubscribe command is documented, but it is persistent behavior users should notice.
系统每小时自动检测最新信息,发现新数据后立即推送邮件通知。
Use the documented unsubscribe action when you no longer want notifications, and confirm status afterward.
An old email address might continue receiving notifications even though the user is told it was replaced.
When changing emails, the script ignores failures while unsubscribing the old email, but later may report that the old email was automatically replaced. This can be misleading if the old unsubscribe request actually failed.
except Exception:
pass # 旧邮箱取消失败不影响新订阅 ... msg += "(已自动替换旧邮箱 {})".format(old_email)If changing the bound email matters, verify the old address is no longer subscribed or run an explicit unsubscribe; maintainers should report old-unsubscribe failures to the user.