AI Daily Digest
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: ai-daily-digest
Version: 1.0.0
The skill bundle is classified as suspicious due to several critical vulnerabilities, primarily shell injection and prompt injection against the LLM. In `SKILL.md`, the agent is instructed to export user-provided API keys (`GEMINI_API_KEY`, `OPENAI_API_KEY`) directly into shell commands without proper sanitization, creating a direct Remote Code Execution (RCE) risk. Additionally, the `scripts/digest.ts` code embeds untrusted article titles and descriptions from RSS feeds directly into prompts for the AI model, making the LLM vulnerable to prompt injection attacks. A path traversal vulnerability also exists in `scripts/digest.ts` if a user-controlled `--output` path is not properly sanitized, allowing arbitrary file writes.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Gemini API key may remain on disk after the digest runs and could be reused by future runs or exposed to anyone with access to that local file.
The skill asks for an AI provider API key, uses it as an environment variable, and stores it in a persistent local config file for reuse.
Config file path: `~/.hn-daily-digest/config.json` ... `"geminiApiKey": ""` ... `export GEMINI_API_KEY="<key>"`
Use a limited-scope API key if available, avoid sharing the config file, and delete `~/.hn-daily-digest/config.json` or rotate the key if you no longer trust the environment.
Running the skill may execute a runtime package downloaded at run time, which adds normal package-supply-chain risk.
The skill discloses that it runs the TypeScript script through `npx -y bun`, which may fetch the Bun runtime from the package ecosystem without a pinned version.
`npx -y bun ${SKILL_DIR}/scripts/digest.ts` ... `bun` runtime (installed automatically via `npx -y bun`)
If you want tighter control, install and pin Bun yourself from a trusted source, then adapt the command to use the local pinned runtime.
