Crypto Daily Report (中文)

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill’s crypto-reporting purpose is coherent, but its instructions include hardcoded Telegram delivery targets and persistent daily scheduling that could post outside a user-selected channel.

Review the destination channel before any send or schedule action. Do not use the hardcoded Telegram ID unless it is actually yours, and make sure you know how to remove the cron job after enabling daily delivery.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A report could be sent or scheduled to a Telegram channel the user did not intend, using the agent’s available messaging capability.

Why it was flagged

The scheduled delivery example targets a specific Telegram channel ID rather than a placeholder or explicitly user-provided channel, creating risk of posting to an unintended external destination.

Skill content

--target "telegram:-1002009088194" \
  --command "generate-crypto-daily-report"

Recommendation

Remove hardcoded channel defaults, require the user to provide the destination, and ask for explicit confirmation before sending or scheduling messages.

What this means

The agent could continue posting daily reports until the cron job is manually discovered and removed.

Why it was flagged

The skill instructs creation of a persistent daily scheduled task. Scheduled delivery is part of the stated purpose, but the artifacts do not document a removal/disable flow or bounded duration.

Skill content

cron add --name "crypto-daily-report" \
  --schedule "0 0 * * *" \
  --timezone "Asia/Shanghai"

Recommendation

Document how to list and remove the scheduled job, confirm the schedule and target with the user, and consider adding an expiration or opt-out.

What this means

If the connected messaging account or bot has broad posting rights, mistakes could affect more channels than intended.

Why it was flagged

Posting to Telegram or Discord uses delegated messaging/channel authority. This is expected for the skill’s purpose, but users should ensure the authority is limited to intended channels.

Skill content

scheduled crypto news delivery to Telegram/Discord channels

Recommendation

Use least-privileged messaging credentials or bots and verify the exact target channel before enabling delivery.

What this means

Users may need to install or trust external tooling outside the registry’s declared requirements.

Why it was flagged

The README lists required tools, but the registry metadata declares no required binaries or environment requirements. This is mainly an install/review completeness issue.

Skill content

Make sure the dependencies are installed:
- `onchainos` CLI tool
- `curl`
- `web_fetch` and `web_search` tools (built into OpenClaw)

Recommendation

Declare required tools in metadata/install specs and verify the provenance of any external CLI before using the skill.