v2.1.0

悟空邀请码监控

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:52 AM.

Analysis

This skill appears to do what it says—monitor a fixed invite-code image, OCR it locally, and optionally run on a schedule—but users should notice the optional cron persistence and system package installation steps.

GuidanceBefore installing, review the shell scripts, especially the optional sudo dependency installer and cron setup. If you use scheduled monitoring, remember it will keep running until you remove the cron entry, and expect logs/state files under /tmp plus downloaded invite images in the workspace.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

scripts/install-dependencies.sh

CMD="sudo apt install -y tesseract-ocr tesseract-ocr-chi-sim" ... read -p "是否现在安装？(Y/n): " ... eval $CMD

The setup script can install OCR packages with sudo via the system package manager. It prompts first and is aligned with the OCR purpose, but it is still elevated installation behavior users should review.

User impactRunning the installer may make system-level package changes to add Tesseract OCR support.

RecommendationRun the installer only if you are comfortable with the displayed package-manager command, or install Tesseract manually using your operating system's trusted package source.

Rogue Agents

SeverityLowConfidenceHighStatusNote

scripts/setup-cron.sh

CRON="*/$INTERVAL * * * * cd $(dirname $0) && python3 monitor_lite.py check >> /tmp/wukong-monitor.log 2>&1" ... | crontab -

The optional setup script writes a recurring cron job so monitoring continues in the background. This is disclosed and purpose-aligned, but it is persistent behavior.

User impactThe monitor can keep running every few minutes after setup and will continue writing logs until the cron entry is removed.

RecommendationUse the cron setup only if you want ongoing monitoring, and remove the wukong cron lines when you no longer need it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityInfoConfidenceHighStatusNote

scripts/heartbeat-check.py

NOTIFY_FILE = "/tmp/wukong-new-code-notify.txt"
WATCHED_FILE = "/tmp/wukong-watched-state.json"

The skill stores notification and watched-state data in /tmp files and later reads them back for notification handling. This is expected for deduplication, but /tmp is shared local storage.

User impactNotification text and state remain on disk and could be read or changed by other local processes with access to those files.

RecommendationTreat the /tmp wukong files as non-private status files; delete them if you stop using the monitor or want to reset its notification state.