v1.2.0

Brand Monitor - Brand Sentiment Monitoring

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:04 AM.

Analysis

The skill has a coherent brand-monitoring purpose, but its safety text misstates the third-party data flow by saying it does not send data outside Feishu while the included crawler uses SerpAPI.

Guidance: Review before installing. Use this only if you are comfortable sending brand search queries to SerpAPI and reports to Feishu, configure dedicated/rotatable credentials, keep install logs private, test manually before scheduling, and clarify or update the skill's misleading safety text.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
✅ Does not depend on third-party search APIs (no Brave/Perplexity API key required) ... ✅ Does not send data to third-party servers (except the configured Feishu Webhook)

This safety claim says data is not sent to third parties except Feishu, but the included crawler uses SerpAPI (`crawler/search_crawler_serpapi.py` shows `self.base_url = "https://serpapi.com/search"`) and the docs require `SERPAPI_KEY`. Users could be misled about where search terms and monitoring queries go.

User impact: A user may install expecting local-only searching, while the skill actually sends brand search queries through SerpAPI and may incur third-party API costs.
Recommendation: Update the main skill description and metadata to clearly state that SerpAPI is used, what data is sent, and that Feishu is used for report delivery.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
prompts/monitor.md
cd ~/.openclaw/workspace/skills/brand-monitor/crawler
python search_crawler_serpapi.py "{{brand_name}}" "{{platforms_list}}" 20 {{monitor_hours}}

The agent is instructed to use shell execution to run the local crawler with configured brand/platform parameters. This is central to the skill’s purpose, but it is still command execution.

User impact: The skill can run local commands as part of normal operation.
Recommendation: Use trusted configuration values, review the command before first run, and avoid putting shell metacharacters or untrusted text in brand/platform settings.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
crawler/requirements.txt
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0

The Python dependencies use minimum-version ranges rather than exact pins, and install.sh installs them from the package index. This is common and purpose-aligned, but dependency versions can drift over time.

User impact: Future installs may pull newer dependency versions than the author tested.
Recommendation: Prefer a lockfile or pinned versions if using this in a production monitoring workflow.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
README.md
# Run brand monitoring every morning at 9:00
0 9 * * * cd ~/.openclaw && openclaw agent --message "执行品牌监控" >> /var/log/brand-monitor.log 2>&1

The documentation shows how to schedule recurring agent execution. This is user-directed and fits a monitoring tool, but it creates ongoing background activity.

User impact: If scheduled, the skill may continue sending reports and consuming SerpAPI quota until the schedule is removed.
Recommendation: Run manually first, monitor API usage, and only add cron/systemd scheduling after confirming the configuration and report destination.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
install.sh
if [ -z "$SERPAPI_KEY" ]; then ... else
    echo "✓ SERPAPI_KEY 已设置"
    echo "  Key: ${SERPAPI_KEY:0:10}..."

The installer checks for a SerpAPI credential and prints the first characters of it. The credential use is expected for SerpAPI, but it is under-declared in registry metadata and should not be exposed in shared logs.

User impact: API keys and webhook URLs used by this skill can authorize searches or posting into a Feishu group.
Recommendation: Use a dedicated SerpAPI key and Feishu webhook, keep install logs private, and rotate the credentials if they are exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
prompts/monitor.md
Use the `memory` tool to save monitoring data ... "top_mentions": [
    {full data of the top 5 mentions}
  ],

The skill saves monitoring summaries and top mention details into persistent memory so later trend analysis can read them. This supports the stated trend-analysis feature, but retained public/web data may be reused in later tasks.

User impact: Brand monitoring results and report history may persist beyond the current chat/session.
Recommendation: Confirm where OpenClaw memory is stored, set retention expectations, and clear old monitoring data if it is no longer needed.