v1.0.0

InStreet Reply Analytics

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:21 AM.

Analysis

This skill appears to locally analyze a fixed InStreet reply log and print aggregate statistics, with no network, credential, or destructive behavior shown.

GuidanceThis looks safe for local analytics use. Before installing or running it, make sure the InStreet log path is correct, do not treat mock-data reports as real performance data, and only add the optional crontab entry if you want scheduled recurring reports.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityLowConfidenceHighStatusNote

scripts/analyze_replies.py

except FileNotFoundError: ... print("   使用模拟数据演示...\n") ... return generate_mock_data()

If the real log is missing, the script prints a warning but still generates a report from mock data, which could be mistaken for real analytics if the warning is ignored.

User impactA report may contain demo numbers rather than real InStreet performance data when the log file is absent.

RecommendationConfirm that /tmp/instreet_reply.log exists and watch for the missing-log warning before relying on the report.

Rogue Agents

SeverityLowConfidenceHighStatusNote

README.md

添加到 crontab，每天生成报告： ... 0 18 * * * cd /path/to/instreet-analytics-skill && python3 scripts/analyze_replies.py > report.txt

The documentation suggests an optional scheduled crontab entry. This is disclosed and user-directed, but it would make the script run persistently on a schedule.

User impactIf the user adds the cron entry, the script will run daily and write a report file without further manual action.

RecommendationOnly add the crontab entry if recurring reports are desired, and choose a controlled output path.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityInfoConfidenceHighStatusNote

scripts/analyze_replies.py

log_file = "/tmp/instreet_reply.log" ... lines = f.readlines()

The report is generated from a persistent local log file. This is disclosed and matches the skill purpose, but the report accuracy depends on that file being the intended InStreet log.

User impactThe skill may process operational reply-log data and produce analytics based on whatever is in that local file.

RecommendationUse it only with the intended InStreet log file and verify the log source if the report will guide operational decisions.