Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily to Goal AI Coach
v0.1.1
Daily to Goal AI Coach: one-click install in ClawHub / OpenClaw, automatically provisions a Daily to Goal workspace, and closes the full loop of goal management, task tracking, contribution logging, daily summaries and weekly team reports through conversation. Supports a personal mode and a team mode; the entire installation is completed inside the IM channel conversation (Telegram and others) with no need to switch to a web page.
⭐ 0 · 87 · 0 current · 0 all-time
by Xiao Ke (@xiaoke-bot)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw · Suspicious · medium confidence
Purpose & Capability
The skill description promises a hosted workspace, automated daily/weekly triggers, and IM-based installation. That functionality legitimately requires a backend service (web endpoints, a database, and secrets). However, the published package is instruction-only, with no server code and no install spec, while skill.json declares an entrypoint (/api/skill-gateway) and installation endpoints. This is internally inconsistent: either the skill is only documentation for a separately operated service, or the package is incomplete.
Instruction Scope
SKILL.md describes an IM-only install flow and refers to a '.env.example', but gives no concrete deployment steps. The README explicitly requires calling /api/skill-gateway/installations/start and /api/skill-gateway/installations/complete, and lists required env vars (DATABASE_URL, SKILL_GATEWAY_BASE_URL, CLAWHUB_INSTALLATION_SECRET, WEB_ORIGIN). The instructions therefore implicitly expect the agent or user to host reachable HTTP endpoints and supply database credentials, none of which this package provides or automates. That scope creep (a hosted service plus secrets) is not surfaced in the registry metadata.
Install Mechanism
There is no install spec (instruction-only), so the platform writes nothing to disk on install. That reduces the immediate supply-chain risk. However, because runtime behaviour depends on a separately hosted service, the real install risk depends entirely on where the user hosts that service and what code they deploy, and that code is not included here.
Credentials
Registry metadata lists no required env vars, but the README documents several sensitive variables: DATABASE_URL (Postgres connection string), CLAWHUB_INSTALLATION_SECRET (shared secret), SKILL_GATEWAY_BASE_URL and WEB_ORIGIN. These are plausible for a web-backed workspace/automation service, but the mismatch between the declared requirements (none) and the README is a red flag. Users should not hand database credentials or shared secrets to an opaque or incomplete package without knowing who operates the service and reviewing its code.
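The metadata-versus-README mismatch above is mechanical enough to check before installing any instruction-only skill. The script below is an added example written for this page, not part of the skill or of ClawHub's scanner. It parses a skill.json and a README, extracts env-var names and /api/ paths the README demands, and compares them with what the metadata declares. The sample skill.json and README text are constructed to mirror what the scan report describes, and the skill.json field names (entrypoint, installEndpoints, requiredEnv) are assumptions, not a documented ClawHub schema; adapt them to the real manifest keys before use.

```python
import json
import re

# Constructed sample manifest modelled on the scan findings. Field names
# ("entrypoint", "installEndpoints", "requiredEnv") are assumptions, not a
# documented ClawHub schema.
SKILL_JSON = json.dumps({
    "name": "daily-to-goal-ai-coach",
    "version": "0.1.1",
    "entrypoint": "/api/skill-gateway",
    "installEndpoints": [
        "/api/skill-gateway/installations/start",
        "/api/skill-gateway/installations/complete",
    ],
    "requiredEnv": [],            # registry metadata declares no env vars
})

# Constructed README excerpt carrying the variables and endpoints the
# scan report says the real README requires.
README = """\
## Deploy
Set the following environment variables before starting the gateway:
  DATABASE_URL=postgres://user:pass@host/db
  SKILL_GATEWAY_BASE_URL=https://example.invalid
  CLAWHUB_INSTALLATION_SECRET=<shared secret>
  WEB_ORIGIN=https://example.invalid
Installation calls POST /api/skill-gateway/installations/start and then
POST /api/skill-gateway/installations/complete.
"""

# SCREAMING_SNAKE_CASE tokens with at least one underscore, i.e. env-var names.
ENV_RE = re.compile(r"\b([A-Z][A-Z0-9]+(?:_[A-Z0-9]+)+)\b")
# HTTP paths under /api/ that the docs expect something to serve.
PATH_RE = re.compile(r"(/api/[A-Za-z0-9_./-]+)")
# Substrings that mark a variable as a credential rather than plain config.
SENSITIVE_HINTS = ("SECRET", "PASSWORD", "TOKEN", "KEY", "DATABASE_URL", "CREDENTIAL")
CODE_SUFFIXES = (".py", ".js", ".ts", ".go", ".rb", ".rs")


def extract_readme_requirements(readme):
    """Return (env var names, /api/ paths) mentioned in the README text."""
    env = {m.group(1) for m in ENV_RE.finditer(readme)}
    paths = {m.group(1).rstrip(".") for m in PATH_RE.finditer(readme)}
    return env, paths


def audit_skill(skill_json_text, readme, package_files):
    """Compare declared metadata against README demands and package contents.

    Returns a list of (finding_kind, sorted details) tuples.
    """
    meta = json.loads(skill_json_text)
    declared_env = set(meta.get("requiredEnv", []))
    declared_paths = {meta.get("entrypoint", "")} | set(meta.get("installEndpoints", []))
    declared_paths.discard("")
    readme_env, readme_paths = extract_readme_requirements(readme)

    findings = []
    # 1. README requires env vars the registry metadata never declared.
    undeclared = sorted(readme_env - declared_env)
    if undeclared:
        findings.append(("undeclared_env", undeclared))
    # 2. Any of those variables look like credentials.
    sensitive = sorted(v for v in readme_env if any(h in v for h in SENSITIVE_HINTS))
    if sensitive:
        findings.append(("sensitive_env", sensitive))
    # 3. Endpoints are declared or documented but the package ships no code to serve them.
    needs_server = bool(declared_paths or readme_paths)
    has_code = any(f.endswith(CODE_SUFFIXES) for f in package_files)
    if needs_server and not has_code:
        findings.append(("endpoints_without_code", sorted(declared_paths | readme_paths)))
    return findings


def verdict(findings):
    """Collapse findings into an install decision."""
    kinds = {k for k, _ in findings}
    if kinds & {"undeclared_env", "endpoints_without_code"}:
        return "hold"    # metadata and docs disagree, or the backend code is missing
    if "sensitive_env" in kinds:
        return "review"  # secrets are at least declared; verify who runs the backend
    return "ok"


if __name__ == "__main__":
    # The package as the scan describes it: instruction files only.
    results = audit_skill(SKILL_JSON, README, ["SKILL.md", "README.md", "skill.json"])
    for kind, details in results:
        print(f"{kind}: {', '.join(details)}")
    print("verdict:", verdict(results))
```

Run against the constructed package this reports every README variable as undeclared, flags DATABASE_URL and CLAWHUB_INSTALLATION_SECRET as credentials, lists the three gateway paths as endpoints with no code behind them, and returns "hold". Declaring the variables in the manifest and shipping server code drops the verdict to "review", which is the right floor for any package that asks for a database URL and a shared secret.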
Persistence & Privilege
The always flag is false (normal) and the skill is user-invocable. Autonomous invocation is allowed (the default), but no shipped code exists to act on it. The main persistence and privilege concern is that operating the skill would require long-lived credentials (a database URL and an installation secret). Granting those to an unknown or unreviewed backend would be high-risk.
What to consider before installing
Do not install or provide secrets yet. The package is missing the server code that skill.json and the README refer to: it expects hosted endpoints (/api/skill-gateway/*) and sensitive environment variables (DATABASE_URL, CLAWHUB_INSTALLATION_SECRET, SKILL_GATEWAY_BASE_URL, WEB_ORIGIN). Before proceeding, ask the publisher for: (1) full source code for the backend that implements the /api/skill-gateway endpoints; (2) a trustworthy homepage or repository and release artifacts; (3) clear deployment instructions showing where data will be stored and who operates the service; and (4) privacy and data-flow details (what user/IM data is stored or sent elsewhere). If you must test, do so in an isolated environment with no production DB credentials, and never hand real DB URLs or shared secrets to an unverified or opaque service. Providing those to an unknown backend could expose your data and give its operator whatever privileges those credentials carry.
Like a lobster shell, security has layers — review code before you run it.
latest: vk972k04m9d9hb3ce9tat79kdd583aymv
