Skill v1.0.0
ClawScan security
每日Get笔记智能盘点 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 5:42 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions say it will scan a specific local Obsidian folder and update external CRMs, but the package declares no required config paths or credentials and is vague about where data is stored or what exact external access is needed.
- Guidance: This skill will scan a specific folder on your Desktop and automatically update external CRMs and task lists, but its manifest doesn't declare the local path or any credentials. Before installing or enabling it: (1) confirm where it will read/write (ask the author to declare the required config path explicitly); (2) confirm which service credentials it needs and whether those will be provided by other skills or requested at run time; (3) prefer granting access in a sandbox or test account first (especially for CRM updates); (4) if you don't want automatic runs, disable scheduling or require manual approval for actions that write to external systems; (5) if you need more assurance, request that the author add explicit env/config declarations and clearer data-flow details (where '素材库/选题库' is stored, which APIs are called, and how credentials are protected).
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (scan local recordings, classify them, and update 飞书/滴答/CRM) reasonably requires access to a local directory and credentials for external services, but the registry metadata declares no required config paths or environment variables. That mismatch suggests the skill either relies implicitly on other skills' or the agent's permissions, or the manifest is incomplete.
- Instruction Scope (concern): SKILL.md explicitly instructs scanning a concrete local path: '~/Desktop/Obsidian/sky的知识库/00-Inbox/录音文件/Get笔记/'. It also directs updating external services (飞书CRM, 滴答清单) and storing items in an unspecified '素材库/选题库'. The instructions do not declare how credentials are obtained or where outputs are stored, nor do they limit which files are read beyond that folder; this is broader and vaguer than the manifest implies.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer, which is the lowest-risk install mechanism.
- Credentials (concern): The workflow requires updating 飞书CRM and 滴答清单 and calling multiple other skills (sales-analyzer, meeting-analyzer, etc.), which normally need service credentials or access tokens. The manifest requests no environment variables or config paths, so the required secrets/credentials are not declared, which is a proportionality mismatch.
- Persistence & Privilege (note): always:false (good). The skill declares scheduled runs (daily at 9:00 and 00:00) and will call other skills autonomously; autonomous invocation is the platform default, but it increases impact here because the skill reads local files and updates external services. The skill does not request persistent 'always' installation or modify other skills' configs.
