Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Git Daily Report
v1.0.0 · Sends a daily Git change report plus code review (security + general) for image-tool (all remote branches) and the voc project (dev branch), covering the previous day.
by @kidok
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description align with the SKILL.md: it enumerates repos, collects commits and diffs, and runs basic static checks. The required binaries (git, rg, curl) are appropriate. However, the instructions rely on external platform tools ('message' and 'cron') that are not declared in the metadata, and the repo paths are hard-coded to /home/admin/…, which assumes a specific host layout; both are noteworthy operational assumptions.
Instruction Scope
The runtime instructions direct the agent to read repository files under /home/admin/…, run ripgrep rules that will likely surface secrets (passwords, API keys), and then include the findings in a report sent to a DingTalk target. The SKILL.md mixes placeholders (cd /path/to/repo) with the concrete paths in the table, and the CHANGED_FILES logic diffs against origin/main even though some projects target dev. There is no instruction to redact or sanitize secrets before sending, so the agent could transmit sensitive data off-host.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — low write-to-disk risk. It depends on existing binaries (git, rg, curl) which is appropriate and proportional.
Credentials
The skill requests no environment variables or credentials, yet it will read local repository files and send reports externally to a DingTalk target ID via an unspecified 'message' tool. Because it searches for and may reveal secrets, the lack of declared messaging credentials or a redaction/privacy policy is a mismatch: sending potentially sensitive data to an external channel without specifying how that channel is authorized or protected is a proportionality/privacy concern.
Persistence & Privilege
The SKILL.md includes cron job instructions to schedule daily autonomous runs. 'always' is false, so it won't be force-included, but once scheduled it will periodically execute and send reports without further user action. This persistence is reasonable for a scheduled report feature, but increases the impact of any accidental secret disclosure — confirm scheduling runs under an appropriately scoped account and that the target channel is intended.
What to consider before installing
Before installing, verify the following:
- Confirm the repository paths (/home/admin/...) match your environment; the SKILL.md contains both placeholders and absolute paths and may need editing.
- Understand who/what owns the DingTalk target (1923216025-1426160278) and how the agent authenticates to it; the skill does not declare messaging credentials or how they are protected.
- The review rules will likely capture full secrets (API keys, passwords). Decide whether reports should redact or omit matched secret strings before being sent and update the scripts accordingly.
- Check the git branch logic (the script uses origin/main in diff examples while voc repos target dev) and test in a safe environment first.
- If you schedule the cron job, ensure it runs under a least-privilege account and that periodic autonomous sending of repository contents to an external channel is acceptable to your security/privacy policies.
- If you are uncertain about the message/cron tooling or where credentials live on the platform, request implementation details or require explicit consent/authorization before the skill sends any data externally.
If you cannot verify the messaging integration and intended recipients, treat this skill as potentially exposing sensitive data and avoid enabling it until those issues are resolved.
Like a lobster shell, security has layers: review code before you run it.
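The three concrete problems called out above (diffs taken against origin/main regardless of the target branch, no previous-day window, and raw secrets flowing into the report) can be fixed in one small wrapper before any message tool is involved. The script below is an added example written for this review, not code from the skill or from @kidok. It assumes a POSIX shell with GNU sed and grep; the repo paths and branch specs in REPOS are hypothetical, the credential patterns are illustrative rather than the skill's actual rg rules, and grep -nE stands in for rg so the script runs where rg is absent.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own code. Per-repo branch selection replaces
# the origin/main-only diff, a date window picks up the previous day's commits,
# and credential-like lines are redacted before they can enter the report.
# Assumptions: POSIX shell, GNU sed (for the I flag) and GNU grep; the paths,
# branches and patterns below are hypothetical/illustrative.
set -eu

# Hypothetical repo -> branch table. "ALL" means every remote branch.
REPOS="/home/admin/image-tool=ALL
/home/admin/voc=dev"

# branches_for <repo> <spec>: "ALL" expands to every branch under origin;
# anything else becomes origin/<spec> (e.g. origin/dev for voc).
branches_for() {
  local repo=$1 spec=$2
  if [ "$spec" = "ALL" ]; then
    git -C "$repo" for-each-ref --format='%(refname:short)' refs/remotes/origin \
      | grep -v '/HEAD$' || true
  else
    echo "origin/$spec"
  fi
}

# changed_files <repo> <ref> <since> <until>: unique paths touched by commits
# reachable from <ref> inside the window, on the requested ref, not origin/main.
changed_files() {
  local repo=$1 ref=$2 since=$3 until=$4
  git -C "$repo" log --name-only --pretty=format: \
      --since="$since" --until="$until" "$ref" \
    | sed '/^$/d' | sort -u
}

# redact_secrets: keep the key name and location, replace only the value.
# Illustrative patterns; extend them to mirror the skill's rg rules.
redact_secrets() {
  sed -E \
    -e 's/((password|passwd|secret|api[_-]?key|token)[[:space:]]*[=:][[:space:]]*["'"'"']?)[^"'"'"'[:space:]]+/\1<REDACTED>/Ig' \
    -e 's/AKIA[0-9A-Z]{16}/<REDACTED-AWS-KEY>/g' \
    -e 's/ghp_[A-Za-z0-9]{36}/<REDACTED-GITHUB-TOKEN>/g'
}

# scan_for_secrets <file>: numbered credential-like lines, already redacted,
# so raw secrets never enter the report text (grep -nE stands in for rg).
scan_for_secrets() {
  grep -nEi '(password|passwd|secret|api[_-]?key|token)[[:space:]]*[=:]|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}' "$1" \
    | redact_secrets || true
}

# daily_report [since] [until]: report for every configured repo and branch.
# Only this (redacted) text should be handed to the messaging tool.
daily_report() {
  local since=${1:-"yesterday 00:00"} until=${2:-"today 00:00"}
  echo "$REPOS" | while IFS='=' read -r repo spec; do
    if [ ! -d "$repo/.git" ]; then
      echo "skip $repo: not a git repository" >&2
      continue
    fi
    for ref in $(branches_for "$repo" "$spec"); do
      echo "## $repo @ $ref ($since .. $until)"
      changed_files "$repo" "$ref" "$since" "$until" | while read -r f; do
        echo "- $f"
        if [ -f "$repo/$f" ]; then
          scan_for_secrets "$repo/$f" | sed 's/^/    /'
        fi
      done
    done
  done
}

# Run the report when executed directly; GIT_REPORT_LIB=1 only loads the
# functions (for sourcing or testing). Usage: ./git-daily-report.sh | <message tool>
if [ "${GIT_REPORT_LIB:-0}" != 1 ]; then daily_report "$@"; fi
```

Note that redaction happens inside scan_for_secrets, before the line is appended to the report, so there is no code path in which an unredacted match is written out; if the skill's rg rules are more elaborate, extend redact_secrets in step with them rather than relying on the agent to mask values afterwards.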
latest: vk976sgrk2bkyw7a324gqem9c1984mesm
Runtime requirements
📊 Clawdis
Bins: git, curl, rg
