jike-digest
Advisory. Audited by VirusTotal on Apr 9, 2026.
Overview
Type: OpenClaw Skill
Name: jike-digest
Version: 1.0.1

The skill contains a potential shell injection vulnerability in SKILL.md, as the `{topic_id}` parameter is passed directly into a shell command (`autocli`) without explicit sanitization instructions. Additionally, it uses a hardcoded absolute path (`/Users/victor/Desktop/...`) as a default directory, which is highly specific to a local environment and potentially risky if the agent attempts to manage files (e.g., the 'clearing' step) in unintended locations. The Python script `scripts/filter_recent.py` itself appears benign and performs standard data filtering.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the output directory is misconfigured, existing digest files for that topic/date could be overwritten or removed.
The skill instructs the agent to delete or clear existing files for the current topic/date before writing the new digest. This is scoped to generated output and purpose-aligned, but users should make sure BASE_DIR is set correctly.
> If `{BASE_DIR}/{topic_id}/{YYYYMMDD}/` already exists, clear the files related to the current topic

Set BASE_DIR to a dedicated digest folder and avoid pointing it at directories containing unrelated files.
The safety and behavior of the actual Jike fetching step depends on the user's local autocli installation, which was not reviewed here.
The main data-fetching behavior depends on an external 'autocli' command, but that dependency is not included, pinned, or installed by the reviewed skill artifacts.
- **autocli**: fetches the Topic content
Use a trusted autocli installation and verify what account or network access it uses before running the digest workflow.
