Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily AI Briefing(每日AI简报)
v1.2.0每日AI硬核进展简报的质量规范与执行流程。定义红线规则、搜索策略、信息源、提纯标准、自检清单和输出模板。
⭐ 0· 50·0 current·0 all-time
byTino Chen@tino-chen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (daily AI briefing) align with the SKILL.md: it searches web sources, filters, and writes a markdown report. However, the skill's runtime steps require reading/writing ~/Desktop/daily_ai_briefing/ for history and output but the registry metadata lists no required config paths. The omission is a mismatch (the skill implicitly needs filesystem access).
Instruction Scope
SKILL.md is detailed and stays on-topic: it mandates web_fetch/web_search against whitelisted sources, enforces strict filtering, and writes a dated .md into the user's Desktop folder. The only noteworthy scope creep is the explicit requirement to read the user's ~/Desktop/daily_ai_briefing/ history (create it if missing) — this is reasonable for de-duplication but is not declared in metadata and will access local files.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing will be written to disk by an installer beyond agent-run outputs. This is the lowest-risk install mechanism.
Credentials
No environment variables, no credentials, and no external tokens are requested. Web access is required (web_fetch/web_search) which is proportional to the described purpose.
Persistence & Privilege
The skill is not forced-always and allows autonomous invocation (platform default). It will create and write report files under ~/Desktop/daily_ai_briefing/ and read recent .md files there. It does not request other skills' config or system-wide changes. The fact it manipulates a user home path should be highlighted to users.
What to consider before installing
This instruction-only skill appears coherent with a daily briefing workflow, but take these precautions before installing:
- Be aware the skill will read and write files in ~/Desktop/daily_ai_briefing/ (it will create the folder if missing). Move any sensitive files out of that folder or pre-create an empty folder if you want to limit what it can read.
- The registry metadata did not declare required config paths, yet the SKILL.md expects filesystem access — confirm you are comfortable granting the agent access to that path.
- The skill performs many web_fetch/web_search operations against public sources; ensure your environment's web access policies are acceptable and that no private endpoints are used.
- The skill's 'Source' in the registry is unknown even though SKILL.md contains a GitHub repo URL. If provenance matters, review the linked repository and author (https://github.com/tino-chen/openclaw-skills/tree/main/daily-ai-briefing) before enabling.
- If you accept installation, consider running it in a limited environment (or with an isolated folder) and review the first generated report to verify it only accessed/recorded expected content.
Given the small but meaningful mismatch (undeclared filesystem path usage and unclear provenance), proceed cautiously — this is internally consistent but warrants user review of the repository and an explicit decision about filesystem access.Like a lobster shell, security has layers — review code before you run it.
latestvk97a3mazctp73rmpgbnpbb7sv5849620
License
MIT-0
Free to use, modify, and redistribute. No attribution required.