kb-digest

The skill's code, instructions, and environment requirements are consistent with a document-to-LLM summarizer and do not show signs of hidden data exfiltration or unrelated credential access.

This skill is coherent with its stated purpose, but check a few practical points before running: (1) The skill sends extracted content to whatever LLM base URL and API key are configured — do not send sensitive or confidential documents unless you trust the model endpoint. (2) The SKILL.md expects OpenClaw to inject OPENCLAW_LLM_* variables; verify the platform will provide them or pass overrides via CLI. (3) The package suggests installing dependencies via pip; review requirements.txt and run in a virtual environment. (4) The registry metadata/version mismatch and the SKILL.md declarations are minor packaging issues — if you need high assurance, ask the publisher for an authoritative homepage or audit the repository. (5) If you plan to enable Feishu push, ensure the FEISHU_WEBHOOK_URL points to a trusted webhook (webhooks can receive whatever output the skill sends).