Skill v1.0.1
ClawScan security
Kisa Guideline Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 14, 2026, 7:47 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (collect KISA/Boho guidelines and publish them to Notion) is plausible, but there are inconsistencies and some behaviours (reading the user's workspace .env, mutating sys.path/working directory to import sibling modules, and undocumented required credentials) that warrant manual review before installing or scheduling automated runs.
- Guidance: This skill appears to do what it says (crawl KISA/Boho and publish PDFs to Notion), but there are a few red flags you should address before installing or scheduling it automatically:
  - Confirm and document required environment variables in the registry metadata (NOTION_API_KEY, SECURITY_NEWS_DATABASE_ID, SECURITY_GUIDE_DATABASE_ID). The current registry claims none, which is inconsistent.
  - Inspect the code in the referenced modules (security-news-feed/modules/crawlers/* and publisher_service.py / notion_handler.py). The published script imports and executes code from a sibling package; that imported code will run with your user privileges and may perform network I/O or read files.
  - Check the contents of ~/.openclaw/workspace/.env before running. The script loads the entire .env file; ensure it contains only the secrets you intend to expose to this skill (don't keep other unrelated credentials there). Consider running in an isolated workspace or with a minimal .env for testing.
  - Before enabling any cron/LaunchAgent scheduling, run the script manually with a test Notion database to verify behavior and that only expected network endpoints (KISA/boho and Notion) are contacted.
  - If you cannot review the other module files, treat the skill as untrusted and avoid scheduling it or providing high-privilege credentials.

  If you provide the code for the referenced modules (modules/crawlers/kisa.py, modules/crawlers/boho.py, publisher_service.py, notion_handler.py), I can do a deeper review and raise any further concerns.
Review Dimensions
- Purpose & Capability (note): Publishing guidelines to Notion aligns with the described functionality and the script shows direct Notion publishing and PDF uploads. However, the registry metadata reports no required environment variables or primary credential while SKILL.md and the script explicitly require a Notion API key and database IDs; this mismatch is unexpected and should be corrected.
- Instruction Scope (concern): The SKILL.md and script instruct the agent to load ~/.openclaw/workspace/.env (potentially exposing any secrets there), cd into a workspace path, and then change working directory to a sibling 'security-news-feed' package and import its modules. The script triggers network activity (crawling KISA/Boho, downloading PDFs, and uploading to Notion). Those actions are relevant to the purpose, but reading an entire .env and importing sibling modules gives the skill access to unrelated secrets and code in the user's workspace — a broader scope than strictly necessary.
- Install Mechanism (ok): This is an instruction-only skill with a script file; there is no install spec, no external downloads, and no archive extraction. Risk from installation is low, but the script does rely on the presence of other local modules (security-news-feed) which must be present and trusted.
- Credentials (concern): Publishing to Notion reasonably requires NOTION_API_KEY and a database ID; SKILL.md documents these. But the registry incorrectly lists no required env vars. The script uses dotenv to load the entire ~/.openclaw/workspace/.env which may contain unrelated secrets (e.g., GLM key or other tokens). Loading the entire .env by default increases risk of inadvertent exposure or misuse of other credentials.
- Persistence & Privilege (note): The skill itself is not forced-always and does not request elevated platform privileges. SKILL.md suggests optional user actions to schedule the script via LaunchAgent/cron (persistence), which would be a manual choice. If you choose to schedule, review and vet the code and environment first.
